[
{
"path": ".ansible-lint",
"content": "---\n\nskip_list: []\n"
},
{
"path": ".github/dependabot.yml",
"content": "---\n# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates\n\nversion: 2\nupdates:\n - package-ecosystem: github-actions\n directory: \"/\"\n schedule:\n interval: daily\n timezone: Europe/Amsterdam\n open-pull-requests-limit: 3\n - package-ecosystem: pip\n directory: \"/\"\n schedule:\n interval: daily\n timezone: Europe/Amsterdam\n open-pull-requests-limit: 3\n"
},
{
"path": ".github/workflows/main.yml",
"content": "---\non:\n push:\n pull_request:\n schedule:\n - cron: '33 5 * * 0'\n\njobs:\n Lint:\n runs-on: ubuntu-22.04\n steps:\n - uses: actions/checkout@v6\n - name: Run ansible-lint\n uses: ansible/ansible-lint@main\n Tests:\n name: Test role on different ansible versions\n runs-on: ubuntu-22.04\n strategy:\n fail-fast: false\n matrix:\n ansible:\n - \"2.15\"\n - \"2.16\"\n scenario:\n - pdns-48\n - pdns-49\n - pdns-50\n - pdns-master\n - pdns-os-repos\n steps:\n - name: checkout\n uses: actions/checkout@v6\n - name: Install python\n uses: actions/setup-python@v5\n with:\n python-version: \"3.11\"\n - name: Install dependencies\n run: |\n python -m pip install --upgrade pip\n pip install tox tox-gh-actions\n - name: Run the tests\n run: tox -- molecule test -s ${{ matrix.scenario }}\n env:\n ANSIBLE: ${{ matrix.ansible }}\n"
},
{
"path": ".gitignore",
"content": "### Ansible ###\n*.retry\n.ansible_cache\n.ansible\n\n### Python ###\n# Byte-compiled / optimized / DLL files\n.pytest_cache/\n__pycache__/\n*.py[cod]\n*$py.class\n\n### Molecule ###\n.tox\n.cache\n.molecule\n.vagrant\n\n#venv\nvenv\n"
},
{
"path": ".yamllint",
"content": "---\n# Based on ansible-lint config\nextends: default\n\nignore: |\n .tox/\n .git/\n .venv/\n venv/\n .cache/\n .pytest_cache/\n\nrules:\n braces:\n max-spaces-inside: 1\n level: error\n brackets:\n max-spaces-inside: 1\n level: error\n colons:\n max-spaces-after: -1\n level: error\n commas:\n max-spaces-after: -1\n level: error\n comments:\n min-spaces-from-content: 1\n comments-indentation: disable\n document-start: enable\n empty-lines:\n max: 3\n level: error\n hyphens:\n level: error\n indentation: enable\n key-duplicates: enable\n line-length: disable\n new-line-at-end-of-file: enable\n new-lines:\n type: unix\n octal-values:\n forbid-implicit-octal: true\n forbid-explicit-octal: true\n trailing-spaces: disable\n truthy:\n allowed-values: [\"true\", \"false\"]\n check-keys: false\n"
},
{
"path": "CHANGELOG.md",
"content": "## v1.10.0 (2026-02-24)\n\nNEW FEATURES:\n- Add role-level package state controls for PowerDNS, debug symbols, backend packages, and backend dependency packages:\n `pdns_package_state`, `pdns_debug_symbols_package_state`, `pdns_backends_packages_state`,\n `pdns_mysql_packages_state`, `pdns_pgsql_packages_state`, and `pdns_sqlite_package_state`.\n- Add role documentation section describing standard tags (`install`, `config`, `service`, `repository`).\n\nIMPROVEMENTS:\n- Add explicit task/handler tags across installation, repository, configuration, and service flows to support predictable partial runs.\n- Refactor MySQL, PostgreSQL, and SQLite database tasks into clearer management blocks with explicit package-state handling.\n- Improve role behavior when `pdns_package_state: absent` by skipping runtime configuration/service tasks while still allowing dependency/package removal paths.\n- Normalize defaults/documentation booleans (`true`/`false`) and fix minor typos.\n- Include `hostname` in the EL Molecule Docker image package set.\n\n## v1.9.0 (2026-02-23)\n\nNEW FEATURES:\n- Add configuration for flat files ([\\#79](https://github.com/PowerDNS/pdns-ansible/pull/79), @sorrowless)\n- Allow installation of custom scripts ([\\#210](https://github.com/PowerDNS/pdns-ansible/pull/210), @zerwes)\n- Add support and tests for Rocky Linux and AlmaLinux ([\\#209](https://github.com/PowerDNS/pdns-ansible/pull/209), @romeroalx)\n- Add pdns49 repository and CI ([\\#213](https://github.com/PowerDNS/pdns-ansible/pull/213), @npmdnl)\n- Add pdns50 repository and CI ([\\#247](https://github.com/PowerDNS/pdns-ansible/pull/247), @npmdnl)\n- Add PostgreSQL backend provisioning and Molecule coverage\n (based in [\\#216](https://github.com/PowerDNS/pdns-ansible/pull/216) @dtrdnk,\n [\\#211](https://github.com/PowerDNS/pdns-ansible/pull/211) @Exchizz,\n [\\#104](https://github.com/PowerDNS/pdns-ansible/pull/104) @commonism)\n- Add role-level toggles for PostgreSQL backend bootstrap (`pdns_pgsql_manage_database`, `pdns_pgsql_schema_load`, `pdns_pgsql_schema_on_first_node_only`)\n- Add role-level SELinux control via `pdns_manage_selinux` (enabled by default)\n- Add service masking support via `pdns_service_masked`\n- Add role verbosity toggle (`pdns_verbose`) to control redaction of sensitive SQL task logs\n- Add architecture-aware APT repository settings for Debian-family systems (`pdns_apt_repo_arch` map with `amd64`/`arm64`)\n\nIMPROVEMENTS:\n- Include `mysql_schema_file` in MySQL import task names ([\\#119](https://github.com/PowerDNS/pdns-ansible/pull/119), @zerwes)\n- Run MySQL database commands on the first node only for clustered setups ([\\#120](https://github.com/PowerDNS/pdns-ansible/pull/120), @zerwes)\n- Remove `nolog` from backend install while still hiding passwords in logs ([\\#175](https://github.com/PowerDNS/pdns-ansible/pull/175), @zerwes)\n- Update `pdns-master` CI configuration and replace Ubuntu Bionic with Focal ([\\#207](https://github.com/PowerDNS/pdns-ansible/pull/207), @romeroalx)\n- Update SQLite3 backend defaults ([\\#220](https://github.com/PowerDNS/pdns-ansible/pull/220), @kleini)\n- Fix CI request handling in GitHub Actions ([\\#221](https://github.com/PowerDNS/pdns-ansible/pull/221), @romeroalx)\n- Upgrade CI tests to newer `molecule` and `ansible-core` versions ([\\#230](https://github.com/PowerDNS/pdns-ansible/pull/230), @romeroalx)\n- Update examples after variable deprecations ([\\#240](https://github.com/PowerDNS/pdns-ansible/pull/240), @henkjan)\n- Add Deb822 APT repository support on Debian-family systems while keeping legacy `apt_repo` compatibility\n (based on [\\#242](https://github.com/PowerDNS/pdns-ansible/pull/242) @l00d3r,\n [\\#246](https://github.com/PowerDNS/pdns-ansible/pull/246) @joshsol1)\n- Bump `ansible-lint` to 6.18.0 ([\\#190](https://github.com/PowerDNS/pdns-ansible/pull/190), @dependabot[bot])\n- Rework MySQL bootstrap workflow for MySQL 8.4/9 and MariaDB compatibility:\n - socket/TCP selection with `pdns_mysql_query_use_socket` and `pdns_mysql_unix_socket`\n - configurable SQL CLI command/flags via `pdns_backends_mysql_cmd` and `pdns_mysql_cli_extra_args`\n - auth plugin and password-update controls via `pdns_mysql_auth_plugin` and `pdns_mysql_user_update_password`\n- Improve PostgreSQL bootstrap workflow with socket/TCP selection and first-node-only execution controls\n- Improve SQLite schema detection/import by supporting compressed schemas (`.gz`, `.xz`) and additional distro-specific paths\n- Improve PowerDNS version detection by parsing both stdout/stderr to handle plugin load noise\n- Consolidate OS variable loading order in role (`os_family` -> `distribution` -> major-version overrides)\n- Standardize service management on `ansible.builtin.systemd` and apt cache updates through handlers\n\nREMOVED / EOL:\n- Drop pdns46 repository (EOL) ([\\#208](https://github.com/PowerDNS/pdns-ansible/pull/208), @npmdnl)\n- Remove EOL CI targets RHEL 7, Debian 10, and Ubuntu 20.04; add Debian 11, Debian 12, and Ubuntu 24.04 ([\\#222](https://github.com/PowerDNS/pdns-ansible/pull/222), @romeroalx, [\\#243](https://github.com/PowerDNS/pdns-ansible/pull/243), @romeroalx)\n- Drop pdns47 repository (EOL) ([\\#247](https://github.com/PowerDNS/pdns-ansible/pull/247), @npmdnl)\n- Remove deprecated named-schema generation role components (`tasks/database-named.yml`, `templates/named.conf.j2`, `templates/named.zone.j2`)\n- Remove version-specific RedHat vars files in favor of consolidated `vars/RedHat.yml`\n\nBUG FIXES:\n- Reorder `selinux.yml` include to resolve issue #122 ([\\#123](https://github.com/PowerDNS/pdns-ansible/pull/123), @pixelrebel)\n- Add missing closing braces ([\\#172](https://github.com/PowerDNS/pdns-ansible/pull/172), @arjenz)\n- Fix logging for grant access task ([\\#195](https://github.com/PowerDNS/pdns-ansible/pull/195), @zerwes)\n- Fix `pdns-os-repos` CI tests ([\\#214](https://github.com/PowerDNS/pdns-ansible/pull/214), @romeroalx)\n- Add missing RHEL-family packages required for SELinux support ([\\#218](https://github.com/PowerDNS/pdns-ansible/pull/218), @vhsantos)\n- Move PowerDNS restart logic to handlers ([\\#244](https://github.com/PowerDNS/pdns-ansible/pull/244), @valiac)\n- Exclude local `.ansible` cache directory from linting ([\\#245](https://github.com/PowerDNS/pdns-ansible/pull/245), @valiac)\n- Fix SELinux DB-connect boolean activation for both MySQL and PostgreSQL backends (including multi-instance backend names)\n- Fix MySQL/MariaDB bootstrap on `caching_sha2_password` by adding required `python*-cryptography` dependencies in role defaults\n\n## v1.8.0 (2023-08-03)\n\nNEW FEATURES:\n- Added pdns48 repository and CI ([\\#180](https://github.com/PowerDNS/pdns-ansible/pull/180))\n- Added support for OL9 ([\\#145](https://github.com/PowerDNS/pdns-ansible/pull/145))\n- Added pdns47 repository and CI ([\\#135](https://github.com/PowerDNS/pdns-ansible/pull/135))\n- Replaced Centos8 with OL8 ([\\#133](https://github.com/PowerDNS/pdns-ansible/pull/133))\n- Added pdns46 repository and CI ([\\#117](https://github.com/PowerDNS/pdns-ansible/pull/117))\n\nIMPROVEMENTS:\n- Bump versions and various fixes in CI and README.md ([\\#179](https://github.com/PowerDNS/pdns-ansible/pull/179)\n- Bump versions in requirements.txt ([\\#144](https://github.com/PowerDNS/pdns-ansible/pull/144))\n- Removal of deprecation warning ([\\#121](https://github.com/PowerDNS/pdns-ansible/pull/121))\n- Do not restart all servers at once ([\\#109](https://github.com/PowerDNS/pdns-ansible/pull/109))\n- Prevent logging of password information ([\\#106](https://github.com/PowerDNS/pdns-ansible/pull/106))\n\nREMOVED FEATURES:\n- Drop pdns45, support for Debian 9 ([\\#179](https://github.com/PowerDNS/pdns-ansible/pull/179)) EOL\n- Drop Ansible v2.9 - v2.10 - v2.11 from CI and removed pdns43 and pdns44 ([\\#144](https://github.com/PowerDNS/pdns-ansible/pull/144)) for EOL\n\nBUG FIXES:\n- Add MySQL schema path with PowerDNS 4.6 and Rocky Linux 8 with EPEL package installation ([\\#114](https://github.com/PowerDNS/pdns-ansible/pull/114))\n\n## v1.7.0 (2021-07-01)\n\nNEW FEATURES:\n- Create directory, set the ownership and permissions for LMDB databases ([\\#95](https://github.com/PowerDNS/pdns-ansible/pull/95))\n- Add database schema file detection on the target system with override possibility ([\\#100](https://github.com/PowerDNS/pdns-ansible/pull/100))\n- Add 4.4 repositories ([\\#91](https://github.com/PowerDNS/pdns-ansible/pull/91))\n\nIMPROVEMENTS:\n- Use systemd task option `daemon_reload` instead of command task ([\\#90](https://github.com/PowerDNS/pdns-ansible/pull/90))\n\nREMOVED FEATURES:\n- Drop EL6 support ([\\#91](https://github.com/PowerDNS/pdns-ansible/pull/91), [\\#94](https://github.com/PowerDNS/pdns-ansible/pull/94))\n- Remove 4.1 and 4.2 repositories ([\\#101](https://github.com/PowerDNS/pdns-ansible/pull/101))\n\nBUG FIXES:\n- Re-instate molecule tests ([\\#100](https://github.com/PowerDNS/pdns-ansible/pull/100))\n\n## v1.6.1 (2020-10-01)\n\nBUG FIXES:\n- Ensure install does not fail when no overrides are defined ([\\#85](https://github.com/PowerDNS/pdns-ansible/pull/85))\n- Ensure that `ExecStart` is overridden, not appended to ([\\#86](https://github.com/PowerDNS/pdns-ansible/pull/86))\n\n## v1.6.0 (2020-09-18)\n\nBUG FIXES:\n- Fix path to MySQL schema for Debian 10 ([\\#73](https://github.com/PowerDNS/pdns-ansible/pull/73))\n\nIMPROVEMENTS:\n- Allow loading apt key from the ansible server ([\\#75](https://github.com/PowerDNS/pdns-ansible/pull/75))\n- CentOS 8 support ([\\#74](https://github.com/PowerDNS/pdns-ansible/pull/74), [\\#81](https://github.com/PowerDNS/pdns-ansible/pull/81))\n- Archlinux support ([\\#76](https://github.com/PowerDNS/pdns-ansible/pull/76))\n- Set the ownership and permissions for config files and databases ([\\#82](https://github.com/PowerDNS/pdns-ansible/pull/82))\n- Ensure PowerDNS is started as an unprivileged user by default (in line with PowerDNS 4.3+ behaviour)\n\n## v1.5.0 (2019-12-11)\n\nBUG FIXES:\n- - Fix the restart of the PowerDNS service in case of instances with different `pdns_service_name` being configured in the same play ([\\#70](https://github.com/PowerDNS/pdns-ansible/pull/70))\n\nIMPROVEMENTS:\n- Add support to the PowerDNS 4.3.x release ([\\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))\n- Add support to the PowerDNS 4.2.x release ([\\#61](https://github.com/PowerDNS/pdns-ansible/pull/61))\n- Install missing SQLite packages ([\\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))\n- Improved PowerDNS configuration files and directories permissions handling ([\\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))\n- Stop interpreting 0 & 1 as no & yes in the PowerDNS configuration template ([\\#68](https://github.com/PowerDNS/pdns-ansible/pull/68))\n- Fix some strings comparisons and variable types issues reported by ansible-lint ([\\#66](https://github.com/PowerDNS/pdns-ansible/pull/66))\n- Update the CI infrastructure to test the role against the Ansible 2.7, 2.8 and 2.9 releases ([\\#67](https://github.com/PowerDNS/pdns-ansible/pull/67))\n- Update the CI infrastructure to stop testing against an EOL Ubuntu release ([\\#62](https://github.com/PowerDNS/pdns-ansible/pull/62))\n\n## v1.4.0 (2018-12-02)\n\nBUG FIXES:\n- Fix handling of lists expansion in the PowerDNS configuration template ([\\#55](https://github.com/PowerDNS/pdns-ansible/pull/55))\n\nNEW FEATURES:\n- Allow to disable automated restart of the service on configuration changes ([\\#54](https://github.com/PowerDNS/pdns-ansible/pull/54))\n\n## v1.3.0 (2018-07-13)\n\nNEW FEATURES:\n- Add support to systemd overrides definitions ([\\#53](https://github.com/PowerDNS/pdns-ansible/pull/53))\n\nIMPROVEMENTS:\n- Implement stricter `pdns_config_dir` and `pdns_config['include-dir']` folders permissions ([\\#53](https://github.com/PowerDNS/pdns-ansible/pull/53))\n- Improved documentation ([\\#52](https://github.com/PowerDNS/pdns-ansible/pull/52))\n- Update the CI infrastructure to use molecule 2.14.0 ([\\#51](https://github.com/PowerDNS/pdns-ansible/pull/51))\n- Improved test coverage of systemd support ([\\#49](https://github.com/PowerDNS/pdns-ansible/pull/49))\n\n## v1.2.1 (2018-04-06)\n\nBUG FIXES:\n- Fix the name of the PostgreSQL backend on RHEL\n\n## v1.2.0 (2018-04-05)\n\nNEW FEATURES:\n- Allow to install PowerDNS debug packages ([\\#47](https://github.com/PowerDNS/pdns-ansible/pull/47))\n\nIMPROVEMENTS:\n- Improved test-suite ([\\#47](https://github.com/PowerDNS/pdns-ansible/pull/47))\n- Improved config files permissions handling ([\\#45](https://github.com/PowerDNS/pdns-ansible/pull/45))\n\n## v1.1.0 (2017-11-25)\n\nIMPROVEMENTS:\n- Implement testing against multiple ansible versions with tox ([\\#43](https://github.com/PowerDNS/pdns-ansible/pull/43))\n\nBUG FIXES:\n- Fixed test cases and hardened file permissions ([\\#42](https://github.com/PowerDNS/pdns-ansible/pull/42))\n\n## v1.0.0 (2017-10-27)\n\nIMPROVEMENTS:\n- Implement sorting of the configuration options ([\\#35](https://github.com/PowerDNS/pdns-ansible/pull/35), [\\#37](https://github.com/PowerDNS/pdns-ansible/pull/37))\n\nBUG FIXES:\n- Fix the logic handling the different packages versions for Debian and CentOS ([\\#43](https://github.com/PowerDNS/pdns-ansible/pull/43))\n- Fix a few typos in the README file ([\\#39](https://github.com/PowerDNS/pdns-ansible/pull/39))\n\n## v0.1.1 (2017-10-10)\n\nNEW FEATURES:\n- Allow to pin the PowerDNS version to be installed ([\\#34](https://github.com/PowerDNS/pdns-ansible/pull/34))\n\nIMPROVEMENTS:\n- Add support to the PowerDNS 4.1.x release ([\\#33](https://github.com/PowerDNS/pdns-ansible/pull/33))\n- Fixing minor linter issues with whitespace ([\\#30](https://github.com/PowerDNS/pdns-ansible/pull/30))\n\nBUG FIXES:\n- Fix Ubuntu APT repositories pinning ([\\#32](https://github.com/PowerDNS/pdns-ansible/pull/32))\n\n## v0.1.0 (2017-06-27)\n\nInitial release.\n\nNEW FEATURES:\n- MySQL and SQLite databases initialization\n- PowerDNS installation and configuration with RHEL/CentOS and Debian/Ubuntu support\n- Continuous testing with TravisCI\n\nIMPROVEMENTS:\n- Switch to the MIT License ([\\#27](https://github.com/PowerDNS/pdns-ansible/pull/27))\n- Overall role refactoring ([\\#28](https://github.com/PowerDNS/pdns-ansible/pull/28))\n"
},
{
"path": "LICENSE",
"content": "MIT License\n\nCopyright (c) 2017 PowerDNS.COM BV\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
},
{
"path": "README.md",
"content": "# Ansible Role: PowerDNS Authoritative Server\n\n[](https://github.com/PowerDNS/pdns-ansible)\n[](https://opensource.org/licenses/MIT)\n[](https://galaxy.ansible.com/PowerDNS/pdns)\n[](https://github.com/PowerDNS/pdns-ansible/tags)\n\nAn Ansible role created by the folks behind PowerDNS to setup the [PowerDNS Authoritative Server](https://docs.powerdns.com/authoritative/).\n\n## Requirements\n\nAn Ansible 2.15 or higher installation.\n\n## Dependencies\n\nNone.\n\n## Role Variables\n\nAvailable variables are listed below, along with their default values (see `defaults/main.yml`):\n\n```yaml\npdns_install_repo: \"\"\n```\n\nBy default, the PowerDNS Authoritative Server is installed from the software repositories configured on the target hosts.\n\n```yaml\n# Install the PowerDNS Authoritative Server from the 'master' official repository\n- hosts: all\n roles:\n - { role: PowerDNS.pdns,\n pdns_install_repo: \"{{ pdns_auth_powerdns_repo_master }}\" }\n\n\n# Install the PowerDNS Authoritative Server from the '4.8.x' official repository\n- hosts: all\n roles:\n - { role: PowerDNS.pdns,\n pdns_install_repo: \"{{ pdns_auth_powerdns_repo_48 }}\" }\n\n# Install the PowerDNS Authoritative Server from the '4.9.x' official repository\n- hosts: all\n roles:\n - { role: PowerDNS.pdns,\n pdns_install_repo: \"{{ pdns_auth_powerdns_repo_49 }}\" }\n\n# Install the PowerDNS Authoritative Server from the '5.0.x' official repository\n- hosts: all\n roles:\n - { role: PowerDNS.pdns,\n pdns_install_repo: \"{{ pdns_auth_powerdns_repo_50 }}\" }\n```\n\nThe examples above, show how to install the PowerDNS Authoritative Server from the official PowerDNS repositories\n(see the complete list of pre-defined repos in `vars/main.yml`).\n\n```yaml\n- hosts: all\n vars:\n pdns_install_repo:\n name: \"powerdns\" # the name of the repository\n apt_repo_origin: \"example.com\" # used to pin the PowerDNS packages to the provided repository\n apt_version: \"auth-50\" # deb822 suites suffix (appended to release codename)\n apt_repo: \"deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main\"\n gpg_key: \"http://example.com/MYREPOGPGPUBKEY.asc\" # repository public GPG key\n gpg_key_id: \"MYREPOGPGPUBKEYID\" # to avoid to reimport the key each time the role is executed\n yum_repo_baseurl: \"http://example.com/centos/$basearch/$releasever/pdns\"\n yum_debug_symbols_repo_baseurl: \"http://example.com/centos/$basearch/$releasever/pdns/debug\"\n roles:\n - { role: PowerDNS.pdns }\n```\n\nIt is also possible to install the PowerDNS Authoritative Server from custom repositories as demonstrated in the example above.\n**Note:** These repositories are ignored on Arch Linux\n\nWhen `pdns_install_repo.apt_version` is set, this role configures Debian-family repositories using\n`ansible.builtin.deb822_repository` on supported releases (Ubuntu `>=22.04`, Debian `>=11`).\nIf `apt_version` is omitted, the legacy `apt_repo` string is used with `ansible.builtin.apt_repository`.\n\n```yaml\n pdns_install_epel: true\n```\n\nBy default, install EPEL to satisfy some PowerDNS Authoritative Server dependencies like `protobuf`.\nTo skip the installation of EPEL set `pdns_install_epel` to `false`.\n\n```yaml\npdns_package_name: \"{{ default_pdns_package_name }}\"\n```\n\nThe name of the PowerDNS Authoritative Server package, `pdns` on RedHat-like systems and `pdns-server` on Debian-like systems.\n\n```yaml\npdns_package_version: \"\"\n```\n\nOptionally, allow to set a specific version of the PowerDNS Authoritative Server package to be installed.\n\n```yaml\npdns_package_state: \"present\"\n```\n\nDesired package state for `pdns_package_name`. Supported values include `present`, `latest`, and `absent`.\nWhen set to `absent`, the role removes packages and skips runtime configuration tasks.\n\n```yaml\npdns_install_debug_symbols_package: false\n```\n\nInstall the PowerDNS Authoritative Server debug symbols.\n\n```yaml\npdns_debug_symbols_package_name: \"{{ default_pdns_debug_symbols_package_name }}\"\n```\n\nThe name of the PowerDNS Authoritative Server debug package to be installed when `pdns_install_debug_symbols_package` is `true`,\n`pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems.\n\n```yaml\npdns_debug_symbols_package_state: \"{{ pdns_package_state }}\"\n```\n\nDesired package state for the debug symbols package when it is managed by this role.\n\n```yaml\npdns_user: pdns\npdns_group: pdns\npdns_file_owner: root\npdns_file_group: \"{{ pdns_group }}\"\n```\n\nThe user and group the PowerDNS Authoritative Server process will run as.
\n**NOTE**: This role does not create the user or group as we assume that they've been created\nby the package or other roles.\n\n```yaml\npdns_service_name: \"pdns\"\n```\n\nName of the PowerDNS service.\n\n```yaml\npdns_service_state: \"started\"\npdns_service_enabled: true\npdns_service_masked: false\n```\n\nAllow to specify the desired state of the PowerDNS Authoritative Server service.\n\n```yaml\npdns_disable_handlers: false\n```\n\nDisable automated service restart on configuration changes.\n\n```yaml\npdns_manage_selinux: true\n```\n\nEnable management of SELinux booleans and ports on SELinux-enabled systems.\nSet to `false` to skip SELinux changes entirely.\n\n```yaml\npdns_config_dir: \"{{ default_pdns_config_dir }}\"\npdns_config_file: \"pdns.conf\"\n```\n\nPowerDNS Authoritative Server configuration file and directory.\n\n```yaml\npdns_config: {}\n```\n\nDictionary containing the PowerDNS Authoritative Server configuration.
\n**NOTE:** The PowerDNS backends configuration and the `config-dir`, `setuid` and `setgid` directives must be configured through the `pdns_user`, `pdns_group` and `pdns_backends` role variables (see `templates/pdns.conf.j2`).\nFor example:\n\n```yaml\npdns_config:\n primary: true\n secondary: false\n local-address: '192.0.2.53'\n local-ipv6: '2001:DB8:1::53'\n local-port: '5300'\n```\n\nconfigures PowerDNS Authoritative Server to listen incoming DNS requests on port 5300.\n\n```yaml\npdns_service_overrides:\n User: \"{{ pdns_user }}\"\n Group: \"{{ pdns_group }}\"\n```\n\nDict with overrides for the service (systemd only).\nThis can be used to change any systemd settings in the `[Service]` category.\n\n```yaml\npdns_backends_packages: \"{{ default_pdns_backends_packages }}\"\npdns_backends_packages_state: \"{{ pdns_package_state }}\"\npdns_backends:\n bind:\n config: '/dev/null'\n```\n\nDictionary declaring all the backends you'd like to enable. You can use\nmultiple backends of the same kind by using the `{backend}:{instance_name}` syntax.\nFor example:\n\n```yaml\npdns_backends:\n 'gmysql:one':\n 'user': root\n 'host': 127.0.0.1\n 'password': root\n 'dbname': pdns\n 'gmysql:two':\n 'user': pdns_user\n 'host': 192.0.2.15\n 'password': my_password\n 'dbname': dns\n 'bind':\n 'config': '/etc/named/named.conf'\n 'hybrid': true\n 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'\n```\n\nBy default this role starts just the bind-backend with an empty config file.\n`pdns_backends_packages_state` controls install/update/removal of backend packages.\n\n```yaml\npdns_config_additional_dirs: []\n```\n\nOptional list of directories created before `pdns_config_files` are copied.\nEach item can be either a path string or an object with `path`, `owner`, `group`, `mode`.\nFor example:\n\n```yaml\npdns_config_additional_dirs:\n - path: \"{{ pdns_config['include-dir'] }}\"\n mode: \"0775\"\n - \"{{ pdns_config_dir }}/zones\"\n - \"/var/lib/powerdns/rpz\"\n```\n\n```yaml\npdns_config_files: []\n```\n\nOptional list of files copied before the service is started.\nEach item must define `dest` and one of `src` or `content`.\n`dest` can be absolute or relative to `pdns_config_dir`.\nExecutable backend helper scripts should be shipped via this variable too\n(for example with `mode: \"0750\"`).\nFor example:\n\n```yaml\npdns_config_files:\n - src: files/pdns/named.conf\n dest: named.conf\n mode: \"0640\"\n - dest: pipe-backend.py\n mode: \"0750\"\n content: |\n #!/usr/bin/env python3\n print(\"example\")\n```\n\n```yaml\npdns_mysql_manage_database: true\npdns_mysql_databases_credentials: {}\npdns_mysql_query_use_socket: false\npdns_mysql_unix_socket: \"/var/run/mysqld/mysqld.sock\"\npdns_backends_mysql_cmd: \"{{ default_pdns_backends_mysql_cmd }}\"\npdns_mysql_cli_extra_args: \"{{ default_pdns_mysql_cli_extra_args }}\"\npdns_mysql_auth_plugin: \"\"\npdns_mysql_user_update_password: \"\"\npdns_mysql_packages: \"{{ default_pdns_mysql_packages }}\"\npdns_mysql_packages_state: \"present\"\n```\n\n`pdns_mysql_manage_database` controls whether this role performs MySQL/MariaDB bootstrap operations\n(database creation, user/grants management and schema checks/import).\nSet it to `false` for config-only mode.\n\nAdministrative credentials for the MySQL backend used to create the PowerDNS Authoritative Server databases and users.\nFor example:\n\n```yaml\npdns_mysql_databases_credentials:\n 'gmysql:one':\n 'priv_user': root\n 'priv_password': my_first_password\n 'priv_host':\n - \"localhost\"\n - \"%\"\n 'gmysql:two':\n 'priv_user': someprivuser\n 'priv_password': my_second_password\n 'priv_host':\n - \"localhost\"\n```\n\nNotice that this must only contain the credentials\nfor the `gmysql` backends provided in `pdns_backends`.\n\nWhen `pdns_mysql_query_use_socket` is set to `true`, role-internal MySQL operations\n(database/user creation and schema load checks/import) use the UNIX socket path defined by\n`pdns_mysql_unix_socket` instead of TCP host/port.\n`pdns_backends_mysql_cmd` and `pdns_mysql_cli_extra_args` control the MySQL/MariaDB CLI invocation used for schema checks/import.\n`pdns_mysql_packages` allows overriding OS-specific MySQL dependency package lists.\n`pdns_mysql_packages_state` controls install/update/removal of those dependency packages.\n\n```yaml\npdns_pgsql_manage_database: true\npdns_pgsql_databases_credentials: {}\npdns_pgsql_packages: \"{{ default_pdns_pgsql_packages }}\"\npdns_pgsql_packages_state: \"present\"\n```\n\n`pdns_pgsql_manage_database` controls whether this role performs PostgreSQL bootstrap operations\n(database/user creation and schema checks/import).\nSet it to `false` for config-only mode.\n\nAdministrative credentials for the PostgreSQL backend used to create the PowerDNS Authoritative Server databases and users.\nFor example:\n\n```yaml\npdns_pgsql_databases_credentials:\n 'gpgsql:one':\n priv_user: postgres\n priv_password: my_first_password\n```\n\nNotice that this must only contain the credentials\nfor the `gpgsql` backends provided in `pdns_backends`.\n\n```yaml\npdns_pgsql_query_use_socket: false\npdns_pgsql_unix_socket: \"/var/run/postgresql\"\n```\n\nWhen `pdns_pgsql_query_use_socket` is set to `true`, role-internal PostgreSQL operations\n(database/user creation and schema load checks/import) use the UNIX socket path defined by\n`pdns_pgsql_unix_socket` instead of TCP host/port.\n`pdns_pgsql_packages` allows overriding OS-specific PostgreSQL dependency package lists.\n`pdns_pgsql_packages_state` controls install/update/removal of those dependency packages.\n\n```yaml\npdns_sqlite_databases_locations: []\n```\n\nLocations of the SQLite3 databases that have to be created if using the\n`gsqlite3` backend.\n\n```yaml\npdns_sqlite_package_state: \"present\"\n```\n\nDesired package state for the SQLite CLI dependency used during schema bootstrap.\n\n```yaml\npdns_lmdb_databases_locations: []\n```\n\nLocations of the LMDB databases that have to be created if using the\n`lmdb` backend.\n\nLocations of the mysql, pgsql and sqlite3 base schema.\nWhen set, this value is used and they are not automatically detected.\n```yaml\npdns_mysql_schema_load: true\npdns_mysql_schema_file: ''\npdns_mysql_schema_on_first_node_only: true\n\npdns_pgsql_schema_load: true\npdns_pgsql_schema_file: ''\npdns_pgsql_schema_on_first_node_only: true\n\npdns_sqlite_schema_file: ''\n```\n\n`pdns_mysql_schema_load` and `pdns_pgsql_schema_load` only control schema check/import tasks.\nWhen SQL bootstrap is enabled (`pdns_mysql_manage_database` / `pdns_pgsql_manage_database`) and\nadministrative credentials are provided, user/database creation still runs even if schema load is disabled.\n\n`pdns_mysql_schema_on_first_node_only` and `pdns_pgsql_schema_on_first_node_only` control\ncluster bootstrap execution for shared SQL backends (database/user/grants/schema import).\n\n```yaml\npdns_verbose: \"{{ ansible_verbosity | int >= 2 }}\"\n```\n\nEnable verbose/debug role behavior. This currently controls whether sensitive SQL task details\nare hidden in logs (`false`) or visible for troubleshooting (`true`).\n\n## Role Tags\n\nThis role uses the following standard tags so filtered runs stay predictable with `--tags` / `--skip-tags`:\n\n- `install`: package/module installation or software provisioning.\n- `config`: configuration/state changes (templates, files, directories, settings, data bootstrap).\n- `service`: service state management and service-related handlers.\n- `repository`: repository/key/pinning setup and repository cache refresh.\n\nSome prerequisite tasks intentionally have multiple tags (for example `install` + `repository`,\nor `install` + `config`) so filtered runs include the dependencies required by the selected path.\n\n## Example Playbooks\n\nRun as a primary using the bind backend (when you already have a `named.conf` file):\n\n```yaml\n- hosts: ns1.example.net\n roles:\n - { role: PowerDNS.pdns }\n vars:\n pdns_config:\n primary: true\n local-address: '192.0.2.53'\n pdns_backends:\n bind:\n config: '/etc/named/named.conf'\n```\n\nInstall the latest '50' build of PowerDNS Authoritative Server enabling the MySQL backend.\nProvides also the MySQL administrative credentials to automatically create and initialize the PowerDNS Authoritative Server user and database:\n\n```yaml\n- hosts: ns2.example.net\n roles:\n - { role: PowerDNS.pdns }\n vars:\n pdns_config:\n primary: true\n secondary: false\n local-address: '192.0.2.77'\n pdns_backends:\n gmysql:\n host: 192.0.2.120\n port: 3306\n user: powerdns\n password: P0w3rDn5\n dbname: pdns\n pdns_mysql_databases_credentials:\n gmysql:\n priv_user: root\n priv_password: myrootpass\n priv_host:\n - \"%\"\n pdns_install_repo: \"{{ pdns_auth_powerdns_repo_50 }}\"\n```\n\n**NOTE:** In this case the role will use the credentials provided in `pdns_mysql_databases_credentials` to automatically create and initialize the user (`user`, `password`) and database (`dbname`) connecting to the MySQL server (`host`, `port`).\n\nConfigure PowerDNS Authoritative Server in 'primary' mode reading zones from two different PostgreSQL databases:\n\n```yaml\n- hosts: ns2.example.net\n roles:\n - { role: PowerDNS.pdns }\n vars:\n pdns_config:\n primary: true\n local-port: 5300\n local-address: '192.0.2.111'\n pdns_backends:\n 'gpgsql:serverone':\n host: 192.0.2.124\n user: powerdns\n password: P0w3rDn5\n dbname: pdns2\n 'gpgsql:otherserver':\n host: 192.0.2.125\n user: root\n password: root\n dbname: dns\n```\n\nConfigure PowerDNS Authoritative Server to run with the `gsqlite3` backend.\nThe SQLite database will be created and initialized by the role\nin the location specified by the `database_name` variable.\n\n```yaml\n- hosts: ns4.example.net\n roles:\n - { role: PowerDNS.pdns }\n vars:\n database_name: '/var/lib/powerdns/pdns.sqlite3'\n pdns_config:\n primary: true\n secondary: false\n local-address: '192.0.2.73'\n pdns_backends:\n gsqlite3:\n database: \"{{ database_name }}\"\n dnssec: true\n pdns_sqlite_databases_locations:\n - \"{{ database_name }}\"\n```\n\n## Changelog\n\nA detailed changelog of all the changes applied to the role is available [here](./CHANGELOG.md).\n\n## Testing\n\nTests are performed by [Molecule](http://molecule.readthedocs.org/en/latest/).\n\n $ pip install tox\n\nTo test all the scenarios run\n\n $ tox\n\nTo run a custom molecule command\n\n $ tox -e ansible216 -- molecule test -s pdns-50\n\nThe Molecule backend matrix validates LMDB, SQLite3, MySQL, MariaDB, BIND and PostgreSQL instance profiles.\n\n## License\n\nMIT\n"
},
{
"path": "defaults/main.yml",
"content": "---\n\n# By default, no PowerDNS Authoritative Server repository will be configured by the role\npdns_install_repo: \"\"\n\n# To install the PowerDNS Authoritative Server from the 'master' official repository\n# use the following playbook snippet\n# - hosts: all\n# roles:\n# - { role: PowerDNS.pdns,\n# pdns_install_repo: \"{{ pdns_auth_powerdns_repo_master }}\" }\n#\n# To install the PowerDNS Authoritative Server from the '4.8.x' official repository\n# use the following playbook snippet\n# - hosts: all\n# roles:\n# - { role: PowerDNS.pdns,\n# pdns_install_repo: \"{{ pdns_auth_powerdns_repo_48 }}\" }\n\n# To install the PowerDNS Authoritative Server from the '4.9.x' official repository\n# use the following playbook snippet\n# - hosts: all\n# roles:\n# - { role: PowerDNS.pdns,\n# pdns_install_repo: \"{{ pdns_auth_powerdns_repo_49 }}\" }\n\n# To install the PowerDNS Authoritative Server from the '5.0.x' official repository\n# use the following playbook snippet\n# - hosts: all\n# roles:\n# - { role: PowerDNS.pdns,\n# pdns_install_repo: \"{{ pdns_auth_powerdns_repo_50 }}\" }\n#\n# To make this role configure a custom repository and install the\n# PowerDNS Authoritative Server from it override the `pdns_install_repo` variable\n# as follows\n# - hosts: all\n# vars:\n# pdns_install_repo:\n# apt_repo_origin: \"example.com\" # Pin the PowerDNS packages to the provided repository origin\n# apt_version: \"auth-50\" # Deb822 suite suffix (appended to release codename, Ubuntu >=22.04 / Debian >=11)\n# apt_repo: \"deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main\"\n# gpg_key: \"http://example.com/MYREPOGPGPUBKEY.asc\" # repository public GPG key\n# gpg_key_id: \"MYREPOGPGPUBKEYID\" # to avoid to reimport the key each time the role is executed\n# yum_repo_baseurl: \"http://example.com/centos/$basearch/$releasever/pdns\"\n# name: \"powerdns\" # the name of the repository\n# roles:\n# - { role: PowerDNS.pdns }\n\n# Install the EPEL repository.\n# EPEL is needed to satisfy some PowerDNS Authoritative Server dependencies like protobuf\npdns_install_epel: true\n\n# The name of the PowerDNS Authoritative Server package\npdns_package_name: \"{{ default_pdns_package_name }}\"\n\n# Install a specific version of the PowerDNS Authoritative Server package\n# NB: The usage of this variable makes only sense on RedHat-like systems,\n# where each YUM repository can contains multiple versions of the same package.\npdns_package_version: \"\"\n\n# Desired state of the PowerDNS Authoritative Server package.\n# Supported values include present, latest and absent.\npdns_package_state: \"present\"\n\n# Install the PowerDNS Authoritative Server debug symbols package\npdns_install_debug_symbols_package: false\n\n# The name of the PowerDNS Authoritative Server debug symbols package\npdns_debug_symbols_package_name: \"{{ default_pdns_debug_symbols_package_name }}\"\n\n# Desired state of the debug symbols package when managed by this role.\n# Supported values include present, latest and absent.\npdns_debug_symbols_package_state: \"{{ pdns_package_state }}\"\n\n# The user and group the PowerDNS Authoritative Server process will run as.\n# NOTE: at the moment, we don't create a user as we assume the package creates\n# a \"pdns\" user and group. If you change these variables, make sure to create\n# the user and groups before applying this role\npdns_user: \"pdns\"\npdns_group: \"pdns\"\npdns_file_owner: \"root\"\npdns_file_group: \"{{ pdns_group }}\"\n\n# Name of the PowerDNS Authoritative Server Service\npdns_service_name: \"pdns\"\n\n# State of the PowerDNS Authoritative Server service\npdns_service_state: \"started\"\npdns_service_enabled: true\npdns_service_masked: false\n\n# When True, disable the automated restart of the PowerDNS service\npdns_disable_handlers: false\n\n# When true, manage SELinux booleans and ports on SELinux-enabled systems.\npdns_manage_selinux: true\n\n# PowerDNS Authoritative Server configuration file and directory\npdns_config_dir: \"{{ default_pdns_config_dir }}\"\npdns_config_file: \"pdns.conf\"\n\n# Dict containing all configuration options, except for backend\n# configuration and the \"config-dir\", \"setuid\" and \"setgid\" directives.\npdns_config: {}\n# pdns_config:\n# primary: true\n# secondary: false\n# local-address: '192.0.2.53'\n# local-ipv6: '2001:DB8:1::53'\n# local-port: '5300'\n\n# Dict with overrides for the service (systemd only)\npdns_service_overrides: \"{{ default_pdns_service_overrides }}\"\n# pdns_service_overrides:\n# LimitNOFILE: 10000\n\n# Dictionary of packages that should be installed to enable the backends.\n# backendname: packagename\npdns_backends_packages: \"{{ default_pdns_backends_packages }}\"\n\n# Desired state of backend packages.\n# Supported values include present, latest and absent.\npdns_backends_packages_state: \"{{ pdns_package_state }}\"\n\n# A dict with all the backends you'd like to configure.\n# This default starts just the bind-backend with an empty config file\npdns_backends:\n bind:\n config: '/dev/null'\n# pdns_backends:\n# 'gmysql:one':\n# 'user': root\n# 'host': 127.0.0.1\n# 'password': root\n# 'dbname': pdns\n# 'gmysql:two':\n# 'user': pdns_user\n# 'host': 192.0.2.15\n# 'port': 3307\n# 'password': my_password\n# 'dbname': dns\n# 'bind':\n# 'config': '/etc/named/named.conf'\n# 'hybrid': true\n# 'check-interval': 60\n# 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'\n\n# Additional directories to create before writing pdns_config_files.\n# Each item can be:\n# - a string path\n# - or a dict with path/owner/group/mode\n#\n# Examples:\n# pdns_config_additional_dirs:\n# - path: \"{{ pdns_config['include-dir'] }}\"\n# mode: \"0775\"\n# - \"{{ pdns_config_dir }}/zones\"\n# - \"/var/lib/powerdns/rpz\"\npdns_config_additional_dirs: []\n\n# Files to copy into the PowerDNS configuration directory.\n# Each item supports:\n# - src: path on the controller\n# - content: inline file content\n# - dest: destination path (absolute, or relative to pdns_config_dir)\n# - owner/group/mode: optional file attributes\n# - dir_owner/dir_group/dir_mode: optional parent directory attributes\n#\n# Examples:\n# pdns_config_files:\n# - src: files/pdns/my-named.conf\n# dest: named.conf\n# mode: \"0640\"\n# - dest: pipe-backend.py\n# mode: \"0750\"\n# content: |\n# #!/usr/bin/env python3\n# print(\"backend\")\npdns_config_files: []\n\n# Enable role-managed MySQL backend bootstrap tasks.\n# When false, the role will only write gmysql backend settings in pdns.conf and won't connect to MySQL/MariaDB.\npdns_mysql_manage_database: true\n\n# Administrative credentials to create the PowerDNS Authoritative Server MySQL backend database and user.\npdns_mysql_databases_credentials: {}\n# pdns_mysql_databases_credentials:\n# 'gmysql:one':\n# 'priv_user': root\n# 'priv_password': my_first_password\n# 'priv_host':\n# - \"localhost\"\n# - \"%\"\n# 'gmysql:two':\n# 'priv_user': someprivuser\n# 'priv_password': my_second_password\n# 'priv_host':\n# - \"localhost\"\n\n# Use a UNIX socket for role-internal MySQL operations (db create, grants, schema checks/import).\npdns_mysql_query_use_socket: false\n\n# Packages needed to install MySQL dependencies.\n# By default, OS-specific vars files provide the actual package list.\npdns_mysql_packages: \"{{ default_pdns_mysql_packages }}\"\n\n# Desired state of MySQL dependency packages.\n# Supported values include present, latest and absent.\npdns_mysql_packages_state: \"{{ pdns_package_state }}\"\n\n# UNIX socket path used when pdns_mysql_query_use_socket is true.\npdns_mysql_unix_socket: \"/var/run/mysqld/mysqld.sock\"\n\n# MySQL/MariaDB CLI command used for schema checks/import.\npdns_backends_mysql_cmd: \"{{ default_pdns_backends_mysql_cmd }}\"\n\n# Additional arguments appended to the MySQL/MariaDB CLI command used for schema checks/import.\npdns_mysql_cli_extra_args: \"{{ default_pdns_mysql_cli_extra_args }}\"\n\n# Authentication plugin used for created/granted MySQL users.\n# Keep empty to let the module use legacy password flow (mysql_native_password path).\n# Set to caching_sha2_password for MySQL 8.4/9+ servers where mysql_native_password is unavailable.\npdns_mysql_auth_plugin: \"\"\n\n# Password update strategy for mysql_user task.\n# Accepted values: always, on_create, on_new_username.\n# Keep empty for role defaults:\n# - on_create when pdns_mysql_auth_plugin is set\n# - always when pdns_mysql_auth_plugin is empty\npdns_mysql_user_update_password: \"\"\n\n# Enable role-managed PostgreSQL backend bootstrap tasks.\n# When false, the role will only write gpgsql backend settings in pdns.conf and won't connect to PostgreSQL.\npdns_pgsql_manage_database: true\n\n# Administrative credentials to create the PowerDNS Authoritative Server PostgreSQL backend database and user.\npdns_pgsql_databases_credentials: {}\n# pdns_pgsql_databases_credentials:\n# gpgsql:\n# priv_user: postgres\n# priv_password: my_privileged_password\n\n# Use a UNIX socket for role-internal PostgreSQL operations (db create, schema checks/import).\npdns_pgsql_query_use_socket: false\n\n# Packages needed to install PostgreSQL dependencies.\n# By default, OS-specific vars files provide the actual package list.\npdns_pgsql_packages: \"{{ default_pdns_pgsql_packages }}\"\n\n# Desired state of PostgreSQL dependency packages.\n# Supported values include present, latest and absent.\npdns_pgsql_packages_state: \"{{ pdns_package_state }}\"\n\n# UNIX socket path used when pdns_pgsql_query_use_socket is true.\npdns_pgsql_unix_socket: \"/var/run/postgresql\"\n\n# This will create the PowerDNS Authoritative Server backend SQLite database\n# in the given locations.\n# NOTE: Requires the SQLite CLI tools to be available in the machine and the gsqlite3\n# backend to be installed on the machine.\npdns_sqlite_databases_locations: []\n\n# Desired state of the SQLite CLI dependency package.\n# Supported values include present, latest and absent.\npdns_sqlite_package_state: \"{{ pdns_package_state }}\"\n\n# This will create the PowerDNS Authoritative Server backend LMDB database\n# in the given locations.\n# NOTE: Requires lmdb backend to be installed on the machine.\npdns_lmdb_databases_locations: []\n\n# By default, we'll load the MySQL default schema. Set this to false to disable loading the schema\n# (e.g. when importing your own dump later on).\n# NOTE: This controls only schema check/import. User/database creation and grants are still executed\n# when pdns_mysql_manage_database is true and administrative credentials are provided.\npdns_mysql_schema_load: true\n\n# Override the schema used to initialize the MySQL database\n# By default, this role tries to detect the correct file\npdns_mysql_schema_file: \"\"\n\n# Run MySQL backend bootstrap tasks only on first node?\n# This includes database creation, grants and schema import.\n# This should be used if you install pdns on a cluster\npdns_mysql_schema_on_first_node_only: true\n\n# By default, we'll load the PostgreSQL default schema. Set this to false to disable loading the schema\n# (e.g. when importing your own dump later on).\n# NOTE: This controls only schema check/import. User/database creation is still executed\n# when pdns_pgsql_manage_database is true and administrative credentials are provided.\npdns_pgsql_schema_load: true\n\n# Override the schema used to initialize the PostgreSQL database\n# By default, this role tries to detect the correct file\npdns_pgsql_schema_file: \"\"\n\n# Run pgsql backend bootstrap tasks only on first node?\n# This includes database/user creation and schema import.\n# This should be used if you install pdns on a cluster\npdns_pgsql_schema_on_first_node_only: true\n\n# Override the schema used to initialize the SQLite database\n# By default, this role tries to detect the correct file\npdns_sqlite_schema_file: \"\"\n\n# Set debug mode flag from Ansible verbosity\npdns_verbose: \"{{ ansible_verbosity | int >= 2 }}\"\n"
},
{
"path": "handlers/main.yml",
"content": "---\n- name: Reload systemd\n ansible.builtin.systemd:\n daemon_reload: true\n listen: reload systemd\n when: not pdns_disable_handlers\n tags:\n - service\n\n- name: Restart PowerDNS\n ansible.builtin.systemd:\n name: \"{{ pdns_service_name }}\"\n state: restarted\n listen: restart pdns\n when:\n - not pdns_disable_handlers\n - pdns_service_state != 'stopped'\n tags:\n - service\n\n- name: Update the apt cache\n ansible.builtin.apt:\n update_cache: true\n listen: update the apt cache\n tags:\n - install\n - repository\n"
},
{
"path": "meta/main.yml",
"content": "---\n\ngalaxy_info:\n role_name: \"pdns\"\n namespace: \"powerdns\"\n author: PowerDNS Engineering Team\n description: Install and configure the PowerDNS Authoritative DNS Server\n company: PowerDNS.COM BV\n license: MIT\n min_ansible_version: \"2.15\"\n platforms:\n - name: EL\n versions:\n - \"8\"\n - \"9\"\n - \"10\"\n - name: Debian\n versions:\n - bullseye\n - bookworm\n - trixie\n - name: Ubuntu\n versions:\n - focal\n - jammy\n - noble\n - name: ArchLinux\n galaxy_tags:\n - system\n - dns\n - pdns\n - powerdns\n - auth\n"
},
{
"path": "molecule/pdns-48/converge.yml",
"content": "---\n\n- name: PowerDNS 4.8.x LMDB default instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-lmdb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_lmdb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the LMDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the LMDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the LMDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the LMDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.8.x SQLite instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-sqlite3.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_sqlite3 | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the SQLite instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the SQLite instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the SQLite instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the SQLite instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.8.x MySQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-mysql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mysql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MySQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MySQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MySQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MySQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.8.x MariaDB instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-mariadb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mariadb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MariaDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MariaDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MariaDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MariaDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.8.x Bind instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-bind.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_bind | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n\n- name: PowerDNS 4.8.x PostgreSQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-48.yml\n - ../resources/vars/pdns-backend-postgresql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_pgsql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the PostgreSQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the PostgreSQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the PostgreSQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the PostgreSQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.8.x Hide default service\n hosts: pdns\n vars:\n pdns_service_state: \"stopped\"\n pdns_service_enabled: \"no\"\n pdns_service_masked: true\n roles:\n - { role: powerdns.pdns }\n"
},
{
"path": "molecule/pdns-48/molecule.yml",
"content": "---\n\nscenario:\n name: pdns-48\n\ndriver:\n name: docker\n\ndependency:\n name: galaxy\n\nplatforms:\n - name: rockylinux-8\n groups: [\"pdns\"]\n image: rockylinux:8\n dockerfile_tpl: el-systemd\n\n - name: rockylinux-9\n groups: [\"pdns\"]\n image: rockylinux:9\n dockerfile_tpl: el-systemd\n\n - name: almalinux-8\n groups: [\"pdns\"]\n image: almalinux:8\n dockerfile_tpl: el-systemd\n\n - name: almalinux-9\n groups: [\"pdns\"]\n image: almalinux:9\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-8\n groups: [\"pdns\"]\n image: oraclelinux:8\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-9\n groups: [\"pdns\"]\n image: oraclelinux:9\n dockerfile_tpl: el-systemd\n\n - name: ubuntu-2204\n groups: [\"pdns\"]\n image: ubuntu:22.04\n dockerfile_tpl: debian-systemd\n\n - name: debian-11\n groups: [\"pdns\"]\n image: debian:11\n dockerfile_tpl: debian-systemd\n\n - name: debian-12\n groups: [\"pdns\"]\n image: debian:12\n dockerfile_tpl: debian-systemd\n\n # In order to run the tests we need\n # a MySQL container to be up & running\n - name: mysql\n image: mysql:8.4.8\n env:\n MYSQL_ROOT_PASSWORD: pdns\n MYSQL_ROOT_HOST: '%'\n # Declaring the container as service,\n # will link it to the others Platforms containers\n # on creation.\n is_service: true\n\n # Additional service for gmysql tests against MariaDB 10.6\n - name: mariadb\n image: mariadb:10.6\n env:\n MARIADB_ROOT_PASSWORD: pdns\n MARIADB_ROOT_HOST: '%'\n is_service: true\n\n # PostgreSQL service for gpgsql backend tests\n - name: postgresql\n image: postgres:16\n env:\n POSTGRES_PASSWORD: pdns\n is_service: true\n\nprovisioner:\n name: ansible\n options:\n diff: true\n v: true\n config_options:\n defaults:\n gathering: smart\n fact_caching: jsonfile\n fact_caching_connection: .ansible_cache\n fact_caching_timeout: 7200\n ssh_connection:\n pipelining: true\n playbooks:\n # cleanup: ../resources/cleanup.yml\n create: ../resources/create.yml\n destroy: ../resources/destroy.yml\n prepare: ../resources/prepare.yml\n lint: ansible-lint\n\nlint: yamllint defaults tasks meta vars\n\nverifier:\n name: testinfra\n options:\n hosts: \"pdns\"\n vvv: true\n directory: ../resources/tests/all\n additional_files_or_dirs:\n # path relative to 'directory'\n - ../repo-48/\n - ../backend-sqlite/\n - ../backend-lmdb/\n - ../backend-mysql/\n - ../backend-mariadb/\n - ../backend-postgresql/\n - ../backend-bind/\n - ../backend-zones/\n - ../service-mask/\n - ../systemd-override/\n"
},
{
"path": "molecule/pdns-49/converge.yml",
"content": "---\n\n- name: PowerDNS 4.9.x LMDB default instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-lmdb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_lmdb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the LMDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the LMDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the LMDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the LMDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.9.x SQLite instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-sqlite3.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_sqlite3 | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the SQLite instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the SQLite instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the SQLite instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the SQLite instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.9.x MySQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-mysql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mysql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MySQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MySQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MySQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MySQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.9.x MariaDB instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-mariadb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mariadb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MariaDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MariaDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MariaDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MariaDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.9.x Bind instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-bind.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_bind | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n\n- name: PowerDNS 4.9.x PostgreSQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-49.yml\n - ../resources/vars/pdns-backend-postgresql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_pgsql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the PostgreSQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the PostgreSQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the PostgreSQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the PostgreSQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 4.9.x Hide default service\n hosts: pdns\n vars:\n pdns_service_state: \"stopped\"\n pdns_service_enabled: \"no\"\n pdns_service_masked: true\n roles:\n - { role: powerdns.pdns }\n"
},
{
"path": "molecule/pdns-49/molecule.yml",
"content": "---\n\nscenario:\n name: pdns-49\n\ndriver:\n name: docker\n\ndependency:\n name: galaxy\n\nplatforms:\n\n - name: rockylinux-8\n groups: [\"pdns\"]\n image: rockylinux:8\n dockerfile_tpl: el-systemd\n\n - name: rockylinux-9\n groups: [\"pdns\"]\n image: rockylinux:9\n dockerfile_tpl: el-systemd\n\n - name: almalinux-8\n groups: [\"pdns\"]\n image: almalinux:8\n dockerfile_tpl: el-systemd\n\n - name: almalinux-9\n groups: [\"pdns\"]\n image: almalinux:9\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-8\n groups: [\"pdns\"]\n image: oraclelinux:8\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-9\n groups: [\"pdns\"]\n image: oraclelinux:9\n dockerfile_tpl: el-systemd\n\n - name: ubuntu-2204\n groups: [\"pdns\"]\n image: ubuntu:22.04\n dockerfile_tpl: debian-systemd\n\n - name: ubuntu-2404\n groups: [\"pdns\"]\n image: ubuntu:24.04\n dockerfile_tpl: debian-systemd\n\n - name: debian-11\n groups: [\"pdns\"]\n image: debian:11\n dockerfile_tpl: debian-systemd\n\n - name: debian-12\n groups: [\"pdns\"]\n image: debian:12\n dockerfile_tpl: debian-systemd\n\n - name: debian-13\n groups: [\"pdns\"]\n image: debian:13\n dockerfile_tpl: debian-systemd\n\n # In order to run the tests we need\n # a MySQL container to be up & running\n - name: mysql\n image: mysql:8.4.8\n env:\n MYSQL_ROOT_PASSWORD: pdns\n MYSQL_ROOT_HOST: '%'\n # Declaring the container as service,\n # will link it to the others Platforms containers\n # on creation.\n is_service: true\n\n # Additional service for gmysql tests against MariaDB 10.6\n - name: mariadb\n image: mariadb:10.6\n env:\n MARIADB_ROOT_PASSWORD: pdns\n MARIADB_ROOT_HOST: '%'\n is_service: true\n\n # PostgreSQL service for gpgsql backend tests\n - name: postgresql\n image: postgres:16\n env:\n POSTGRES_PASSWORD: pdns\n is_service: true\n\nprovisioner:\n name: ansible\n options:\n diff: true\n v: true\n config_options:\n defaults:\n gathering: smart\n fact_caching: jsonfile\n fact_caching_connection: .ansible_cache\n fact_caching_timeout: 7200\n ssh_connection:\n pipelining: true\n playbooks:\n # cleanup: ../resources/cleanup.yml\n create: ../resources/create.yml\n destroy: ../resources/destroy.yml\n prepare: ../resources/prepare.yml\n lint: ansible-lint\n\nlint: yamllint defaults tasks meta vars\n\nverifier:\n name: testinfra\n options:\n hosts: \"pdns\"\n vvv: true\n directory: ../resources/tests/all\n additional_files_or_dirs:\n # path relative to 'directory'\n - ../repo-49/\n - ../backend-sqlite/\n - ../backend-lmdb/\n - ../backend-mysql/\n - ../backend-mariadb/\n - ../backend-postgresql/\n - ../backend-bind/\n - ../backend-zones/\n - ../service-mask/\n - ../systemd-override/\n"
},
{
"path": "molecule/pdns-50/converge.yml",
"content": "---\n\n- name: PowerDNS 5.0.x LMDB default instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-lmdb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_lmdb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the LMDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: pdns\n changed_when: false\n failed_when: false\n\n - name: Provision the LMDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: pdns\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the LMDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the LMDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 5.0.x SQLite instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-sqlite3.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_sqlite3 | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the SQLite instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: pdns\n changed_when: false\n failed_when: false\n\n - name: Provision the SQLite instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: pdns\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the SQLite instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the SQLite instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 5.0.x MySQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-mysql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mysql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MySQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: pdns\n changed_when: false\n failed_when: false\n\n - name: Provision the MySQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: pdns\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MySQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MySQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 5.0.x MariaDB instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-mariadb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mariadb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MariaDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: pdns\n changed_when: false\n failed_when: false\n\n - name: Provision the MariaDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: pdns\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MariaDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MariaDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 5.0.x Bind instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-bind.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_bind | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n\n- name: PowerDNS 5.0.x PostgreSQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-50.yml\n - ../resources/vars/pdns-backend-postgresql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_pgsql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the PostgreSQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: pdns\n changed_when: false\n failed_when: false\n\n - name: Provision the PostgreSQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: pdns\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the PostgreSQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the PostgreSQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS 5.0.x Hide default service\n hosts: pdns\n vars:\n pdns_service_state: \"stopped\"\n pdns_service_enabled: \"no\"\n pdns_service_masked: true\n roles:\n - { role: powerdns.pdns }\n"
},
{
"path": "molecule/pdns-50/molecule.yml",
"content": "---\n\nscenario:\n name: pdns-50\n\ndriver:\n name: docker\n\ndependency:\n name: galaxy\n\nplatforms:\n\n - name: rockylinux-8\n groups: [\"pdns\"]\n image: rockylinux:8\n dockerfile_tpl: el-systemd\n\n - name: rockylinux-9\n groups: [\"pdns\"]\n image: rockylinux:9\n dockerfile_tpl: el-systemd\n\n - name: almalinux-8\n groups: [\"pdns\"]\n image: almalinux:8\n dockerfile_tpl: el-systemd\n\n - name: almalinux-9\n groups: [\"pdns\"]\n image: almalinux:9\n dockerfile_tpl: el-systemd\n\n - name: almalinux-10\n groups: [\"pdns\"]\n image: almalinux:10\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-8\n groups: [\"pdns\"]\n image: oraclelinux:8\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-9\n groups: [\"pdns\"]\n image: oraclelinux:9\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-10\n groups: [\"pdns\"]\n image: oraclelinux:10\n dockerfile_tpl: el-systemd\n\n - name: ubuntu-2204\n groups: [\"pdns\"]\n image: ubuntu:22.04\n dockerfile_tpl: debian-systemd\n\n - name: ubuntu-2404\n groups: [\"pdns\"]\n image: ubuntu:24.04\n dockerfile_tpl: debian-systemd\n\n - name: debian-11\n groups: [\"pdns\"]\n image: debian:11\n dockerfile_tpl: debian-systemd\n\n - name: debian-12\n groups: [\"pdns\"]\n image: debian:12\n dockerfile_tpl: debian-systemd\n\n - name: debian-13\n groups: [\"pdns\"]\n image: debian:13\n dockerfile_tpl: debian-systemd\n\n # In order to run the tests we need\n # a MySQL container to be up & running\n - name: mysql\n image: mysql:8.4.8\n env:\n MYSQL_ROOT_PASSWORD: pdns\n MYSQL_ROOT_HOST: '%'\n # Declaring the container as service,\n # will link it to the others containers on creation\n is_service: true\n\n # Additional service for gmysql tests against MariaDB 10.6\n - name: mariadb\n image: mariadb:10.6\n env:\n MARIADB_ROOT_PASSWORD: pdns\n MARIADB_ROOT_HOST: '%'\n is_service: true\n\n # PostgreSQL service for gpgsql backend tests\n - name: postgresql\n image: postgres:16\n env:\n POSTGRES_PASSWORD: pdns\n is_service: true\n\nprovisioner:\n name: ansible\n options:\n diff: true\n v: true\n config_options:\n defaults:\n gathering: smart\n fact_caching: jsonfile\n fact_caching_connection: .ansible_cache\n fact_caching_timeout: 7200\n ssh_connection:\n pipelining: true\n playbooks:\n # cleanup: ../resources/cleanup.yml\n create: ../resources/create.yml\n destroy: ../resources/destroy.yml\n prepare: ../resources/prepare.yml\n lint: ansible-lint\n\nlint: yamllint defaults handlers tasks meta vars\n\nverifier:\n name: testinfra\n options:\n hosts: \"pdns\"\n v: true\n directory: ../resources/tests/all\n additional_files_or_dirs:\n # path relative to 'directory'\n - ../repo-50/\n - ../backend-sqlite/\n - ../backend-lmdb/\n - ../backend-mysql/\n - ../backend-mariadb/\n - ../backend-postgresql/\n - ../backend-bind/\n - ../backend-zones/\n - ../service-mask/\n - ../systemd-override/\n"
},
{
"path": "molecule/pdns-master/converge.yml",
"content": "---\n\n- name: PowerDNS Master LMDB default instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-lmdb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_lmdb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the LMDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the LMDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the LMDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the LMDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Master SQLite instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-sqlite3.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_sqlite3 | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the SQLite instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the SQLite instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the SQLite instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the SQLite instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Master MySQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-mysql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mysql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MySQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MySQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MySQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MySQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Master MariaDB instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-mariadb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mariadb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MariaDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the MariaDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MariaDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MariaDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Master Bind instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-bind.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_bind | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n\n- name: PowerDNS Master PostgreSQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-repo-master.yml\n - ../resources/vars/pdns-backend-postgresql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_pgsql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the PostgreSQL instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the PostgreSQL instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the PostgreSQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the PostgreSQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Master Hide default service\n hosts: pdns\n vars:\n pdns_service_state: \"stopped\"\n pdns_service_enabled: \"no\"\n pdns_service_masked: true\n roles:\n - { role: powerdns.pdns }\n"
},
{
"path": "molecule/pdns-master/molecule.yml",
"content": "---\n\nscenario:\n name: pdns-master\n\ndriver:\n name: docker\n\ndependency:\n name: galaxy\n\nplatforms:\n\n - name: rockylinux-8\n groups: [\"pdns\"]\n image: rockylinux:8\n dockerfile_tpl: el-systemd\n\n - name: rockylinux-9\n groups: [\"pdns\"]\n image: rockylinux:9\n dockerfile_tpl: el-systemd\n\n - name: almalinux-8\n groups: [\"pdns\"]\n image: almalinux:8\n dockerfile_tpl: el-systemd\n\n - name: almalinux-9\n groups: [\"pdns\"]\n image: almalinux:9\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-8\n groups: [\"pdns\"]\n image: oraclelinux:8\n dockerfile_tpl: el-systemd\n\n - name: oraclelinux-9\n groups: [\"pdns\"]\n image: oraclelinux:9\n dockerfile_tpl: el-systemd\n\n - name: ubuntu-2204\n groups: [\"pdns\"]\n image: ubuntu:22.04\n dockerfile_tpl: debian-systemd\n\n - name: ubuntu-2404\n groups: [\"pdns\"]\n image: ubuntu:24.04\n dockerfile_tpl: debian-systemd\n\n - name: debian-11\n groups: [\"pdns\"]\n image: debian:11\n dockerfile_tpl: debian-systemd\n\n - name: debian-12\n groups: [\"pdns\"]\n image: debian:12\n dockerfile_tpl: debian-systemd\n\n # In order to run the tests we need\n # a MySQL container to be up & running\n - name: mysql\n image: mysql:8.4.8\n env:\n MYSQL_ROOT_PASSWORD: pdns\n MYSQL_ROOT_HOST: '%'\n # Declaring the container as service,\n # will link it to the others Platforms containers\n # on creation.\n is_service: true\n\n # Additional service for gmysql tests against MariaDB 10.6\n - name: mariadb\n image: mariadb:10.6\n env:\n MARIADB_ROOT_PASSWORD: pdns\n MARIADB_ROOT_HOST: '%'\n is_service: true\n\n # PostgreSQL service for gpgsql backend tests\n - name: postgresql\n image: postgres:16\n env:\n POSTGRES_PASSWORD: pdns\n is_service: true\n\nprovisioner:\n name: ansible\n options:\n diff: true\n v: true\n config_options:\n defaults:\n gathering: smart\n fact_caching: jsonfile\n fact_caching_connection: .ansible_cache\n fact_caching_timeout: 7200\n ssh_connection:\n pipelining: true\n playbooks:\n # cleanup: ../resources/cleanup.yml\n create: ../resources/create.yml\n destroy: ../resources/destroy.yml\n prepare: ../resources/prepare.yml\n lint: ansible-lint\n\nlint: yamllint defaults tasks meta vars\n\nverifier:\n name: testinfra\n options:\n hosts: \"pdns\"\n vvv: true\n directory: ../resources/tests/all\n additional_files_or_dirs:\n # path relative to 'directory'\n - ../repo-master/\n - ../backend-sqlite/\n - ../backend-lmdb/\n - ../backend-mysql/\n - ../backend-mariadb/\n - ../backend-postgresql/\n - ../backend-bind/\n - ../backend-zones/\n - ../service-mask/\n - ../systemd-override/\n"
},
{
"path": "molecule/pdns-os-repos/converge.yml",
"content": "---\n\n- name: PowerDNS LMDB default instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-lmdb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_lmdb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the LMDB instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the LMDB instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the LMDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the LMDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS SQLite instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-sqlite3.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_sqlite3 | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the SQLite instance zone exists\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: false\n failed_when: false\n\n - name: Provision the SQLite instance zone\n ansible.builtin.command: \"pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n become_user: \"{{ pdns_user }}\"\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the SQLite instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the SQLite instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS MySQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-mysql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mysql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MySQL instance zone exists\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n changed_when: false\n failed_when: false\n\n - name: Provision the MySQL instance zone\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MySQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MySQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS MariaDB instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-mariadb.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_mariadb | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the MariaDB instance zone exists\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n changed_when: false\n failed_when: false\n\n - name: Provision the MariaDB instance zone\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the MariaDB instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the MariaDB instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Bind instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-bind.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_bind | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n\n- name: PowerDNS PostgreSQL instance\n hosts: pdns\n vars_files:\n - ../resources/vars/pdns-common.yml\n - ../resources/vars/pdns-backend-postgresql.yml\n vars:\n pdns_service_name: \"{{ pdns_instance.service_name }}\"\n pdns_service_enabled: \"{{ pdns_instance.service_enabled }}\"\n pdns_config_file: \"{{ pdns_instance.config_file }}\"\n pdns_config: >-\n {{ pdns_config_common\n | combine(pdns_instance.config_overrides | default({}), recursive=true)\n | combine(pdns_config_overrides_pgsql | default({}), recursive=true) }}\n roles:\n - { role: powerdns.pdns }\n post_tasks:\n - name: Check if the PostgreSQL instance zone exists\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} list-zone {{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_check\n become: true\n changed_when: false\n failed_when: false\n\n - name: Provision the PostgreSQL instance zone\n ansible.builtin.command: \"sudo -u powerdns -- pdnsutil --config-name={{ pdns_instance.config_name }} create-zone {{ pdns_instance.zone }} ns1.{{ pdns_instance.zone }}\"\n register: _pdns_backend_zone_created\n become: true\n changed_when: _pdns_backend_zone_check.rc != 0\n notify: Restart the PostgreSQL instance service\n when: _pdns_backend_zone_check.rc != 0\n handlers:\n - name: Restart the PostgreSQL instance service\n ansible.builtin.systemd:\n name: \"{{ pdns_instance.service_name }}\"\n state: restarted\n\n- name: PowerDNS Hide default service\n hosts: pdns\n vars:\n pdns_service_state: \"stopped\"\n pdns_service_enabled: \"no\"\n pdns_service_masked: true\n roles:\n - { role: powerdns.pdns }\n"
},
{
"path": "molecule/pdns-os-repos/molecule.yml",
"content": "---\n\nscenario:\n name: pdns-os-repos\n\ndriver:\n name: docker\n\ndependency:\n name: galaxy\n\nplatforms:\n\n - name: archlinux\n groups: [\"pdns\"]\n image: archlinux:base\n dockerfile_tpl: archlinux-systemd\n\n # In order to run the tests we need\n # a MySQL container to be up & running\n - name: mysql\n image: mysql:8.4.8\n env:\n MYSQL_ROOT_PASSWORD: pdns\n MYSQL_ROOT_HOST: '%'\n # Declaring the container as service,\n # will link it to the others containers on creation\n is_service: true\n\n # Additional service for gmysql tests against MariaDB 10.6\n - name: mariadb\n image: mariadb:10.6\n env:\n MARIADB_ROOT_PASSWORD: pdns\n MARIADB_ROOT_HOST: '%'\n is_service: true\n\n # PostgreSQL service for gpgsql backend tests\n - name: postgresql\n image: postgres:16\n env:\n POSTGRES_PASSWORD: pdns\n is_service: true\n\nprovisioner:\n name: ansible\n options:\n diff: true\n v: true\n config_options:\n defaults:\n gathering: smart\n fact_caching: jsonfile\n fact_caching_connection: .ansible_cache\n fact_caching_timeout: 7200\n ssh_connection:\n pipelining: true\n playbooks:\n # cleanup: ../resources/cleanup.yml\n create: ../resources/create.yml\n destroy: ../resources/destroy.yml\n prepare: ../resources/prepare.yml\n lint: ansible-lint\n\nlint: yamllint defaults tasks meta vars\n\nverifier:\n name: testinfra\n options:\n hosts: \"pdns\"\n vvv: true\n directory: ../resources/tests/all\n additional_files_or_dirs:\n # path relative to 'directory'\n - ../backend-sqlite/\n - ../backend-lmdb/\n - ../backend-mysql/\n - ../backend-mariadb/\n - ../backend-postgresql/\n - ../backend-bind/\n - ../backend-zones/\n - ../service-mask/\n - ../systemd-override/\n"
},
{
"path": "molecule/resources/Dockerfile.archlinux-systemd.j2",
"content": "# Molecule managed\n\n{% set archlinux_base_image = 'menci/archlinuxarm:latest' if (item.name | lower == 'archlinux' and (molecule_docker_arch | default('')) == 'arm64') else item.image %}\nFROM {{ archlinux_base_image }}\n\nRUN pacman -Syu --noconfirm && \\\n pacman -S --noconfirm systemd awk bash ca-certificates geoip grep inetutils \\\n iproute2 libmaxminddb net-tools procps-ng python python-cryptography \\\n python-pip sudo vim yaml-cpp && \\\n rm -rf /usr/share/doc/* && \\\n rm -rf /usr/share/man/* && \\\n pacman -Scc --noconfirm\n\nRUN cd /usr/lib/systemd/system/sysinit.target.wants/; \\\n for i in *; do [ $i = systemd-tmpfiles-setup.service ] || rm -f $i; done\n\nRUN rm -f /usr/lib/systemd/system/multi-user.target.wants/* \\\n /etc/systemd/system/*.wants/* \\\n /usr/lib/systemd/system/local-fs.target.wants/* \\\n /usr/lib/systemd/system/sockets.target.wants/*udev* \\\n /usr/lib/systemd/system/sockets.target.wants/*initctl* \\\n /usr/lib/systemd/system/basic.target.wants/* \\\n /usr/lib/systemd/system/anaconda.target.wants/*\n\n# Disable requiretty.\nRUN sed -i -e 's/^\\(Defaults\\s*requiretty\\)/#--- \\1/' /etc/sudoers || echo \"Defaults !requiretty\" > /etc/sudoers.d/molecule\n\n# Create `ansible` user with sudo permissions\nENV ANSIBLE_USER=ansible SUDO_GROUP=wheel\nRUN set -xe && \\\n groupadd -r ${ANSIBLE_USER} && \\\n useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} && \\\n usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} && \\\n sed -i \"/^# %${SUDO_GROUP}/s/^# //g\" /etc/sudoers && \\\n sed -i \"/^%${SUDO_GROUP}/s/ALL$/NOPASSWD:ALL/g\" /etc/sudoers\n\nVOLUME [ \"/sys/fs/cgroup\", \"/tmp\", \"/run\" ]\n\nCMD [ \"/usr/lib/systemd/systemd\" ]\n"
},
{
"path": "molecule/resources/Dockerfile.debian-systemd.j2",
"content": "# Molecule managed\n\nFROM {{ item.image }}\n\nENV container docker\nENV DEBIAN_FRONTEND=noninteractive\n\nRUN apt-get update -y && \\\n apt-get install -y --no-install-recommends systemd python3 python3-pip python3-apt sudo adduser bash net-tools iproute2 procps && \\\n rm -Rf /usr/share/doc && \\\n rm -Rf /usr/share/man && \\\n apt-get clean\n\nRUN rm -f /lib/systemd/system/multi-user.target.wants/* \\\n /etc/systemd/system/*.wants/* \\\n /lib/systemd/system/local-fs.target.wants/* \\\n /lib/systemd/system/sockets.target.wants/*udev* \\\n /lib/systemd/system/sockets.target.wants/*initctl* \\\n /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \\\n /lib/systemd/system/systemd-update-utmp*\n\n# Disable requiretty.\nRUN sed -i -e 's/^\\(Defaults\\s*requiretty\\)/#--- \\1/' /etc/sudoers\n\n# Create `ansible` user with sudo permissions\nENV ANSIBLE_USER=ansible SUDO_GROUP=sudo\nRUN set -xe && \\\n groupadd -r ${ANSIBLE_USER} && \\\n useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} && \\\n usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} && \\\n sed -i \"/^%${SUDO_GROUP}/s/ALL$/NOPASSWD:ALL/g\" /etc/sudoers\n\nVOLUME [ \"/sys/fs/cgroup\", \"/tmp\", \"/run\" ]\n\nCMD [ \"/lib/systemd/systemd\" ]\n"
},
{
"path": "molecule/resources/Dockerfile.el-systemd.j2",
"content": "# Molecule managed\n\nFROM {{ item.image }}\n\nENV container docker\n\nRUN dnf makecache && \\\n dnf install -y systemd python3 python3-pip sudo bash vim iproute procps-ng hostname && \\\n rm -Rf /usr/share/doc && \\\n rm -Rf /usr/share/man && \\\n dnf clean all\n\nRUN cd /lib/systemd/system/sysinit.target.wants/; \\\n for i in *; do [ $i = systemd-tmpfiles-setup.service ] || rm -f $i; done\n\nRUN rm -f /lib/systemd/system/multi-user.target.wants/* \\\n /etc/systemd/system/*.wants/* \\\n /lib/systemd/system/local-fs.target.wants/* \\\n /lib/systemd/system/sockets.target.wants/*udev* \\\n /lib/systemd/system/sockets.target.wants/*initctl* \\\n /lib/systemd/system/basic.target.wants/* \\\n /lib/systemd/system/anaconda.target.wants/*\n\n# Disable requiretty.\nRUN sed -i -e 's/^\\(Defaults\\s*requiretty\\)/#--- \\1/' /etc/sudoers\n\n# Create `ansible` user with sudo permissions\nENV ANSIBLE_USER=ansible SUDO_GROUP=wheel\nRUN set -xe && \\\n groupadd -r ${ANSIBLE_USER} && \\\n useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} && \\\n usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} && \\\n sed -i \"/^%${SUDO_GROUP}/s/ALL\\$/NOPASSWD:ALL/g\" /etc/sudoers\n\nVOLUME [ \"/sys/fs/cgroup\", \"/tmp\", \"/run\" ]\n\nCMD [ \"/usr/sbin/init\" ]\n"
},
{
"path": "molecule/resources/cleanup.yml",
"content": "---\n\n- name: Cleanup role-managed PowerDNS packages\n hosts: pdns\n vars:\n pdns_package_state: absent\n pdns_debug_symbols_package_state: absent\n pdns_backends_packages_state: absent\n pdns_mysql_packages_state: absent\n pdns_pgsql_packages_state: absent\n pdns_sqlite_package_state: absent\n pdns_backends:\n bind: {}\n gmysql: {}\n gpgsql: {}\n gsqlite3: {}\n lmdb: {}\n roles:\n - role: powerdns.pdns\n"
},
{
"path": "molecule/resources/create.yml",
"content": "---\n\n- name: Create\n hosts: localhost\n connection: local\n gather_facts: false\n vars_files:\n - vars/molecule.yml\n tasks:\n\n - name: Detect host architecture for Docker platform selection\n ansible.builtin.set_fact:\n _molecule_host_arch: \"{{ lookup('pipe', 'uname -m') | trim | lower }}\"\n changed_when: false\n\n - name: Define Docker architecture/platform mappings\n ansible.builtin.set_fact:\n _molecule_arch_map:\n x86_64: amd64\n amd64: amd64\n aarch64: arm64\n arm64: arm64\n armv8l: arm64\n changed_when: false\n\n - name: Set Docker target architecture and platform\n ansible.builtin.set_fact:\n molecule_docker_arch: \"{{ _molecule_arch_map.get(_molecule_host_arch, _molecule_host_arch) }}\"\n molecule_docker_platform: \"linux/{{ _molecule_arch_map.get(_molecule_host_arch, _molecule_host_arch) }}\"\n changed_when: false\n\n - name: Get list of service instances\n ansible.builtin.set_fact:\n molecule_service_instances: \"{{ molecule_yml.platforms | selectattr('is_service', 'defined') | selectattr('is_service') | list }}\"\n\n - name: Get list of platform instances\n ansible.builtin.set_fact:\n molecule_platform_instances: \"{{ molecule_yml.platforms | difference(molecule_service_instances) }}\"\n\n - name: Create Dockerfiles from platform names\n ansible.builtin.template:\n src: \"Dockerfile.{{ item.dockerfile_tpl | default('default') }}.j2\"\n dest: \"{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.name | regex_replace('[^a-zA-Z0-9_]', '_') }}\"\n mode: '0644'\n with_items: \"{{ molecule_platform_instances }}\"\n register: platforms\n\n - name: Discover local Docker images\n community.docker.docker_image_info:\n name: \"molecule_pdns/{{ item.item.name | lower | regex_replace('[^a-z0-9_.-]', '_') }}-{{ molecule_docker_arch }}\"\n with_items: \"{{ platforms.results }}\"\n register: docker_images\n\n - name: Build an Ansible compatible image\n community.docker.docker_image:\n name: \"molecule_pdns/{{ platforms.results[item].item.name | lower | regex_replace('[^a-z0-9_.-]', '_') }}-{{ molecule_docker_arch }}\"\n source: build\n build:\n dockerfile: \"{{ platforms.results[item].item.dockerfile | default(platforms.results[item].dest) }}\"\n path: \"{{ molecule_ephemeral_directory }}\"\n platform: \"{{ platforms.results[item].item.platform | default(molecule_docker_platform) }}\"\n pull: true\n force_source: \"{{ platforms.results[item].item.force | default(false) | bool }}\"\n force_tag: \"{{ platforms.results[item].item.force | default(false) | bool }}\"\n loop: \"{{ range(0, platforms.results | length) | list }}\"\n loop_control:\n label: \"{{ platforms.results[item].item.name }}\"\n when: >-\n (platforms.results[item].get('changed', false) | bool) or\n ((docker_images.results[item].images | default([])) | length == 0) or\n (((docker_images.results[item].images | default([]) | first | default({})).Architecture | default('')) != molecule_docker_arch) or\n (platforms.results[item].item.force | default(false) | bool)\n\n - name: Create molecule instance(s)\n community.docker.docker_container:\n name: \"{{ item.name }}\"\n hostname: \"{{ item.name }}\"\n image: \"{{ item.image }}\"\n platform: \"{{ item.platform | default(molecule_docker_platform) }}\"\n state: started\n recreate: false\n env: \"{{ item.env | default(omit) }}\"\n privileged: \"no\"\n volumes: \"{{ item.volumes | default(omit) }}\"\n with_items: \"{{ molecule_service_instances }}\"\n\n - name: Create the required Services instance(s)\n community.docker.docker_container:\n name: \"{{ item.name }}\"\n hostname: \"{{ item.name }}\"\n image: \"molecule_pdns/{{ item.name | lower | regex_replace('[^a-z0-9_.-]', '_') }}-{{ molecule_docker_arch }}\"\n platform: \"{{ item.platform | default(molecule_docker_platform) }}\"\n links: \"{{ molecule_service_instances | map(attribute='name') | list }}\"\n command: \"{{ item.command | default(omit) }}\"\n state: started\n recreate: false\n privileged: \"yes\"\n volumes:\n # Mount the cgroups fs to allow SystemD to run into the containers\n - \"/sys/fs/cgroup:/sys/fs/cgroup:rw\"\n cgroupns_mode: host\n with_items: \"{{ molecule_platform_instances }}\"\n"
},
{
"path": "molecule/resources/destroy.yml",
"content": "---\n\n- name: Destroy the Molecule Test Resources\n hosts: localhost\n connection: local\n gather_facts: false\n vars_files:\n - vars/molecule.yml\n tasks:\n - name: Destroy the target Platforms instance(s)\n community.docker.docker_container:\n name: \"{{ item.name }}\"\n state: absent\n force_kill: \"{{ item.force_kill | default(true) }}\"\n with_items: \"{{ molecule_yml.platforms }}\"\n"
},
{
"path": "molecule/resources/prepare.yml",
"content": "---\n\n- name: Prepare the Molecule Test Resources\n hosts: pdns\n tasks:\n # Make sure the default MySQL and SQLite\n # schemas are installed in /usr/share/doc/\n - name: Disable the YUM 'nodocs' option\n ansible.builtin.lineinfile:\n line: tsflags=nodocs\n dest: /etc/yum.conf\n state: absent\n when: ansible_pkg_mgr == 'yum'\n\n - name: Disable the APT 'nodoc' option\n ansible.builtin.lineinfile:\n line: path-exclude=/usr/share/doc/*\n dest: /etc/dpkg/dpkg.cfg.d/excludes\n state: absent\n when: ansible_pkg_mgr == 'apt'\n\n - name: Disable the pacman 'NoExtract' option for docs\n ansible.builtin.replace:\n path: /etc/pacman.conf\n regexp: '^(\\s*NoExtract\\s*=\\s*)usr/share/doc/\\*(\\s*)'\n replace: '\\1\\2'\n when: ansible_pkg_mgr == 'pacman'\n\n - name: Disable the pacman 'NoExtract' doc token in lists\n ansible.builtin.replace:\n path: /etc/pacman.conf\n regexp: '(\\s+)usr/share/doc/\\*'\n replace: '\\1'\n when: ansible_pkg_mgr == 'pacman'\n\n # Install rsyslog to capture the PowerDNS Recursor log messages\n # when the service is not managed by systemd\n - name: Install rsyslog\n when: ansible_service_mgr != 'systemd'\n block:\n - name: Install rsyslog\n ansible.builtin.package:\n name: rsyslog\n state: present\n\n - name: Start rsyslog\n ansible.builtin.service:\n name: rsyslog\n state: started\n\n - name: Install dnspython and acl on Debian/Ubuntu\n ansible.builtin.apt:\n name:\n - python3-dnspython\n - acl\n state: present\n update_cache: true\n when: ansible_os_family == 'Debian'\n\n - name: Install dnspython on RHEL/Alma/Rocky/OL\n ansible.builtin.dnf:\n name: python3-dns\n state: present\n when: ansible_os_family == 'RedHat'\n\n - name: Install dnspython on Archlinux\n ansible.builtin.package:\n name: python-dnspython\n state: present\n when: ansible_pkg_mgr == 'pacman'\n"
},
{
"path": "molecule/resources/tests/all/test_common.py",
"content": "\ndebian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef test_distribution(host):\n assert host.system_info.distribution.lower() in debian_os + rhel_os + \\\n archlinux_os\n\n\ndef test_package(host):\n distro = host.system_info.distribution.lower()\n if distro in debian_os:\n assert host.package('pdns-server').is_installed\n return\n if distro in rhel_os:\n assert host.package('pdns').is_installed\n return\n if distro in archlinux_os:\n # testinfra does not map \"archarm\" to ArchPackage, so query pacman directly\n if distro == 'archarm':\n assert host.run('pacman -Q powerdns').rc == 0\n return\n assert host.package('powerdns').is_installed\n\n\ndef test_service(host):\n # Using Ansible to mitigate some issues with the service test on debian-8\n unit = 'pdns'\n for config_dir in ('/etc/powerdns', '/etc/pdns'):\n if host.file(f'{config_dir}/pdns-lmdb.conf').exists:\n unit = 'pdns@lmdb'\n break\n\n s = host.ansible('service', f'name={unit} state=started enabled=yes')\n\n assert s[\"changed\"] is False\n"
},
{
"path": "molecule/resources/tests/backend-bind/test_backend_bind.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _bind_config_file(host):\n config_dir = _pdns_config_dir(host)\n bind_instance_conf = host.file(f'{config_dir}/pdns-bind.conf')\n if bind_instance_conf.exists:\n return bind_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_config(host):\n config_dir = _pdns_config_dir(host)\n with host.sudo():\n f = _bind_config_file(host)\n assert f.exists\n assert f.contains('launch+=bind')\n assert f.contains(f'bind-config={config_dir}/named.conf')\n\n\ndef test_bind_configuration_files(host):\n config_dir = _pdns_config_dir(host)\n with host.sudo():\n named_conf = host.file(f'{config_dir}/named.conf')\n zone_file = host.file(f'{config_dir}/bind.test.zone')\n\n assert named_conf.exists\n assert named_conf.contains('zone \"bind.test\" IN')\n assert named_conf.contains('file \"bind.test.zone\"')\n\n assert zone_file.exists\n assert zone_file.contains('SOA ns1.bind.test.')\n\n\ndef test_bind_instance_service_is_active(host):\n cmd = host.run('systemctl is-active pdns@bind')\n assert cmd.rc == 0\n assert cmd.stdout.strip() == 'active'\n"
},
{
"path": "molecule/resources/tests/backend-lmdb/test_backend_lmdb.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _lmdb_config_file(host):\n config_dir = _pdns_config_dir(host)\n lmdb_instance_conf = host.file(f'{config_dir}/pdns-lmdb.conf')\n if lmdb_instance_conf.exists:\n return lmdb_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_package(host):\n if host.system_info.distribution.lower() in debian_os + rhel_os:\n p = host.package('pdns-backend-lmdb')\n assert p.is_installed\n\n\ndef test_config(host):\n with host.sudo():\n f = _lmdb_config_file(host)\n\n assert f.exists\n assert f.contains('launch+=lmdb')\n assert f.contains('lmdb-filename=/var/lib/powerdns/pdns.lmdb')\n\n\ndef test_lmdb_instance_service_is_active(host):\n config_dir = _pdns_config_dir(host)\n instance_conf = host.file(f'{config_dir}/pdns-lmdb.conf')\n unit = 'pdns@lmdb' if instance_conf.exists else 'pdns'\n cmd = host.run(f'systemctl is-active {unit}')\n assert cmd.rc == 0\n assert cmd.stdout.strip() == 'active'\n"
},
{
"path": "molecule/resources/tests/backend-mariadb/test_backend_mariadb.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _mariadb_config_file(host):\n config_dir = _pdns_config_dir(host)\n mariadb_instance_conf = host.file(f'{config_dir}/pdns-mariadb.conf')\n if mariadb_instance_conf.exists:\n return mariadb_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_package(host):\n if host.system_info.distribution.lower() in debian_os + rhel_os:\n p = host.package('pdns-backend-mysql')\n assert p.is_installed\n\n\ndef test_config(host):\n with host.sudo():\n f = _mariadb_config_file(host)\n\n dbname = host.check_output('hostname -s').replace('.', '_')\n\n assert f.exists\n assert f.contains('launch+=gmysql:mariadb')\n assert f.contains('gmysql-mariadb-host=mariadb')\n assert f.contains('gmysql-mariadb-password=pdns')\n assert f.contains('gmysql-mariadb-dbname=' + dbname)\n assert f.contains('gmysql-mariadb-user=pdns')\n"
},
{
"path": "molecule/resources/tests/backend-mysql/test_backend_mysql.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _mysql_config_file(host):\n config_dir = _pdns_config_dir(host)\n mysql_instance_conf = host.file(f'{config_dir}/pdns-mysql.conf')\n if mysql_instance_conf.exists:\n return mysql_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_package(host):\n if host.system_info.distribution.lower() in debian_os + rhel_os:\n p = host.package('pdns-backend-mysql')\n assert p.is_installed\n\n\ndef test_config(host):\n with host.sudo():\n f = _mysql_config_file(host)\n\n dbname = host.check_output('hostname -s').replace('.', '_')\n\n assert f.exists\n assert f.contains('launch+=gmysql:mysql')\n assert f.contains('gmysql-mysql-host=mysql')\n assert f.contains('gmysql-mysql-password=pdns')\n assert f.contains('gmysql-mysql-dbname=' + dbname)\n assert f.contains('gmysql-mysql-user=pdns')\n"
},
{
"path": "molecule/resources/tests/backend-postgresql/test_backend_postgresql.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _postgresql_config_file(host):\n config_dir = _pdns_config_dir(host)\n pgsql_instance_conf = host.file(f'{config_dir}/pdns-postgresql.conf')\n if pgsql_instance_conf.exists:\n return pgsql_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_package(host):\n distribution = host.system_info.distribution.lower()\n if distribution in debian_os:\n package = host.package('pdns-backend-pgsql')\n assert package.is_installed\n if distribution in rhel_os:\n package = host.package('pdns-backend-postgresql')\n assert package.is_installed\n\n\ndef test_config(host):\n with host.sudo():\n f = _postgresql_config_file(host)\n dbname = host.check_output('hostname -s').replace('.', '_')\n\n assert f.exists\n assert f.contains('launch+=gpgsql')\n assert f.contains('gpgsql-host=postgresql')\n assert f.contains('gpgsql-password=pdns')\n assert f.contains('gpgsql-dbname=' + dbname)\n assert f.contains('gpgsql-user=pdns')\n\n\ndef test_postgresql_instance_service_is_active(host):\n cmd = host.run('systemctl is-active pdns@postgresql')\n assert cmd.rc == 0\n assert cmd.stdout.strip() == 'active'\n"
},
{
"path": "molecule/resources/tests/backend-sqlite/test_backend_sqlite.py",
"content": "debian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\narchlinux_os = ['arch', 'archarm']\n\n\ndef _pdns_config_dir(host):\n if host.system_info.distribution.lower() in debian_os + archlinux_os:\n return '/etc/powerdns'\n return '/etc/pdns'\n\n\ndef _sqlite_config_file(host):\n config_dir = _pdns_config_dir(host)\n sqlite_instance_conf = host.file(f'{config_dir}/pdns-sqlite.conf')\n if sqlite_instance_conf.exists:\n return sqlite_instance_conf\n return host.file(f'{config_dir}/pdns.conf')\n\n\ndef test_package(host):\n if host.system_info.distribution.lower() in debian_os + rhel_os:\n if host.system_info.distribution.lower() in debian_os:\n p = host.package('pdns-backend-sqlite3')\n if host.system_info.distribution.lower() in rhel_os:\n p = host.package('pdns-backend-sqlite')\n\n assert p.is_installed\n\n\ndef test_config(host):\n with host.sudo():\n f = _sqlite_config_file(host)\n assert f.exists\n assert f.contains('launch+=gsqlite3')\n assert f.contains('gsqlite3-database=/var/lib/powerdns/pdns.sqlite3')\n\n\ndef test_database_exists(host):\n f = host.file('/var/lib/powerdns/pdns.sqlite3')\n user = 'pdns'\n if host.system_info.distribution.lower() in archlinux_os:\n user = 'powerdns'\n\n assert f.exists\n assert f.user == user\n assert f.group == user\n assert f.mode == 0o640\n assert f.size > 10000\n"
},
{
"path": "molecule/resources/tests/backend-zones/test_backend_zones.py",
"content": "def _normalize_zone(zone):\n return zone.rstrip('.')\n\n\ndef _dns_lookup_rcode(host, zone, port):\n script = (\n \"import sys,dns.message,dns.query,dns.rdatatype;\"\n \"zone=sys.argv[1].rstrip('.');\"\n \"port=int(sys.argv[2]);\"\n \"query=dns.message.make_query(zone,dns.rdatatype.SOA);\"\n \"response=dns.query.udp(query,'127.0.0.1',port=port,timeout=3);\"\n \"print(int(response.rcode()))\"\n )\n command = f'python3 -c \"{script}\" \"{zone}\" \"{port}\"'\n result = host.run(command)\n assert result.rc == 0, result.stderr\n return int(result.stdout.strip())\n\n\ndef _pdnsutil_command(subcommand, zone=None, config_name=''):\n command_parts = ['pdnsutil']\n if config_name:\n command_parts.append(f'--config-name={config_name}')\n command_parts.append(subcommand)\n if zone:\n command_parts.append(zone)\n return ' '.join(command_parts)\n\n\ndef test_backend_zones_are_listed(host):\n expected_zones = (\n ('lmdb.test', 'lmdb'),\n ('sqlite3.test', 'sqlite'),\n ('mysql.test', 'mysql'),\n ('mariadb.test', 'mariadb'),\n ('postgresql.test', 'postgresql'),\n )\n\n for zone, config_name in expected_zones:\n cmd = host.run(_pdnsutil_command('list-all-zones', config_name=config_name))\n assert cmd.rc == 0\n discovered_zones = {\n _normalize_zone(line.strip())\n for line in cmd.stdout.splitlines()\n if line.strip()\n }\n assert zone in discovered_zones\n\n\ndef test_backend_zones_are_queryable(host):\n expected_zones = (\n ('lmdb.test', 'lmdb'),\n ('sqlite3.test', 'sqlite'),\n ('mysql.test', 'mysql'),\n ('mariadb.test', 'mariadb'),\n ('postgresql.test', 'postgresql'),\n )\n\n for zone, config_name in expected_zones:\n cmd = host.run(_pdnsutil_command('list-zone', zone=zone, config_name=config_name))\n assert cmd.rc == 0\n assert zone in cmd.stdout\n\n\ndef test_backend_zones_dns_lookup_noerror(host):\n expected_zones = (\n ('lmdb.test', 54),\n ('sqlite3.test', 55),\n ('mysql.test', 56),\n ('mariadb.test', 57),\n ('bind.test', 58),\n ('postgresql.test', 59),\n )\n\n for zone, port in expected_zones:\n assert _dns_lookup_rcode(host, zone, port) == 0\n"
},
{
"path": "molecule/resources/tests/repo-48/test_repo_48.py",
"content": "import re\n\ndebian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\n\n\ndef _release_major(host):\n release = host.system_info.release\n match = re.match(r'^(\\d+)', release)\n return int(match.group(1)) if match else 0\n\n\ndef _supports_deb822(host):\n distro = host.system_info.distribution.lower()\n major = _release_major(host)\n if distro == 'ubuntu':\n return major >= 22\n if distro == 'debian':\n return True\n return False\n\n\ndef _assert_debian_repo_layout(host):\n distro = host.system_info.distribution.lower()\n if distro not in debian_os:\n return\n\n sources_file = host.file('/etc/apt/sources.list.d/powerdns-auth-48.sources')\n list_file = host.file('/etc/apt/sources.list.d/powerdns-auth-48.list')\n\n if _supports_deb822(host):\n assert sources_file.exists\n assert not list_file.exists\n else:\n assert list_file.exists\n assert not sources_file.exists\n\n\ndef _repo_file(host):\n distro = host.system_info.distribution.lower()\n if distro in debian_os:\n if _supports_deb822(host):\n return host.file('/etc/apt/sources.list.d/powerdns-auth-48.sources')\n return host.file('/etc/apt/sources.list.d/powerdns-auth-48.list')\n if distro in rhel_os:\n return host.file('/etc/yum.repos.d/powerdns-auth-48.repo')\n return None\n\n\ndef test_repo_file(host):\n _assert_debian_repo_layout(host)\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n\n\ndef test_pdns_repo(host):\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.contains('auth-48')\n\n\ndef test_repo_pinning_file(host):\n if host.system_info.distribution.lower() in debian_os:\n f = host.file('/etc/apt/preferences.d/pdns')\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n f.contains('Package: pdns-*')\n f.contains('Pin: origin repo.powerdns.com')\n f.contains('Pin-Priority: 600')\n\n\ndef test_pdns_version(host):\n cmd = host.run('/usr/sbin/pdns_server --version')\n\n assert 'PowerDNS Authoritative Server' in cmd.stderr\n assert '4.8' in cmd.stderr\n"
},
{
"path": "molecule/resources/tests/repo-49/test_repo_49.py",
"content": "import re\n\ndebian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\n\n\ndef _release_major(host):\n release = host.system_info.release\n match = re.match(r'^(\\d+)', release)\n return int(match.group(1)) if match else 0\n\n\ndef _supports_deb822(host):\n distro = host.system_info.distribution.lower()\n major = _release_major(host)\n if distro == 'ubuntu':\n return major >= 22\n if distro == 'debian':\n return True\n return False\n\n\ndef _assert_debian_repo_layout(host):\n distro = host.system_info.distribution.lower()\n if distro not in debian_os:\n return\n\n sources_file = host.file('/etc/apt/sources.list.d/powerdns-auth-49.sources')\n list_file = host.file('/etc/apt/sources.list.d/powerdns-auth-49.list')\n\n if _supports_deb822(host):\n assert sources_file.exists\n assert not list_file.exists\n else:\n assert list_file.exists\n assert not sources_file.exists\n\n\ndef _repo_file(host):\n distro = host.system_info.distribution.lower()\n if distro in debian_os:\n if _supports_deb822(host):\n return host.file('/etc/apt/sources.list.d/powerdns-auth-49.sources')\n return host.file('/etc/apt/sources.list.d/powerdns-auth-49.list')\n if distro in rhel_os:\n return host.file('/etc/yum.repos.d/powerdns-auth-49.repo')\n return None\n\n\ndef test_repo_file(host):\n _assert_debian_repo_layout(host)\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n\n\ndef test_pdns_repo(host):\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.contains('auth-49')\n\n\ndef test_repo_pinning_file(host):\n if host.system_info.distribution.lower() in debian_os:\n f = host.file('/etc/apt/preferences.d/pdns')\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n f.contains('Package: pdns-*')\n f.contains('Pin: origin repo.powerdns.com')\n f.contains('Pin-Priority: 600')\n\n\ndef test_pdns_version(host):\n cmd = host.run('/usr/sbin/pdns_server --version')\n output = f'{cmd.stdout}\\n{cmd.stderr}'\n\n assert 'PowerDNS Authoritative Server' in output\n assert '4.9' in output\n"
},
{
"path": "molecule/resources/tests/repo-50/test_repo_50.py",
"content": "import re\n\ndebian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\n\n\ndef _release_major(host):\n release = host.system_info.release\n match = re.match(r'^(\\d+)', release)\n return int(match.group(1)) if match else 0\n\n\ndef _supports_deb822(host):\n distro = host.system_info.distribution.lower()\n major = _release_major(host)\n if distro == 'ubuntu':\n return major >= 22\n if distro == 'debian':\n return True\n return False\n\n\ndef _assert_debian_repo_layout(host):\n distro = host.system_info.distribution.lower()\n if distro not in debian_os:\n return\n\n sources_file = host.file('/etc/apt/sources.list.d/powerdns-auth-50.sources')\n list_file = host.file('/etc/apt/sources.list.d/powerdns-auth-50.list')\n\n if _supports_deb822(host):\n assert sources_file.exists\n assert not list_file.exists\n else:\n assert list_file.exists\n assert not sources_file.exists\n\n\ndef _repo_file(host):\n distro = host.system_info.distribution.lower()\n if distro in debian_os:\n if _supports_deb822(host):\n return host.file('/etc/apt/sources.list.d/powerdns-auth-50.sources')\n return host.file('/etc/apt/sources.list.d/powerdns-auth-50.list')\n if distro in rhel_os:\n return host.file('/etc/yum.repos.d/powerdns-auth-50.repo')\n return None\n\n\ndef test_repo_file(host):\n _assert_debian_repo_layout(host)\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n\n\ndef test_pdns_repo(host):\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.contains('auth-50')\n\n\ndef test_repo_pinning_file(host):\n if host.system_info.distribution.lower() in debian_os:\n f = host.file('/etc/apt/preferences.d/pdns')\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n f.contains('Package: pdns-*')\n f.contains('Pin: origin repo.powerdns.com')\n f.contains('Pin-Priority: 600')\n\n\ndef test_pdns_version(host):\n cmd = host.run('/usr/sbin/pdns_server --version')\n output = f'{cmd.stdout}\\n{cmd.stderr}'\n\n assert 'PowerDNS Authoritative Server' in output\n assert '5.0' in output\n"
},
{
"path": "molecule/resources/tests/repo-master/test_repo_master.py",
"content": "import re\n\ndebian_os = ['debian', 'ubuntu']\nrhel_os = ['redhat', 'centos', 'ol', 'rocky', 'almalinux']\n\n\ndef _release_major(host):\n release = host.system_info.release\n match = re.match(r'^(\\d+)', release)\n return int(match.group(1)) if match else 0\n\n\ndef _supports_deb822(host):\n distro = host.system_info.distribution.lower()\n major = _release_major(host)\n if distro == 'ubuntu':\n return major >= 22\n if distro == 'debian':\n return True\n return False\n\n\ndef _assert_debian_repo_layout(host):\n distro = host.system_info.distribution.lower()\n if distro not in debian_os:\n return\n\n sources_file = host.file('/etc/apt/sources.list.d/powerdns-auth-master.sources')\n list_file = host.file('/etc/apt/sources.list.d/powerdns-auth-master.list')\n\n if _supports_deb822(host):\n assert sources_file.exists\n assert not list_file.exists\n else:\n assert list_file.exists\n assert not sources_file.exists\n\n\ndef _repo_file(host):\n distro = host.system_info.distribution.lower()\n if distro in debian_os:\n if _supports_deb822(host):\n return host.file('/etc/apt/sources.list.d/powerdns-auth-master.sources')\n return host.file('/etc/apt/sources.list.d/powerdns-auth-master.list')\n if distro in rhel_os:\n return host.file('/etc/yum.repos.d/powerdns-auth-master.repo')\n return None\n\n\ndef test_repo_file(host):\n _assert_debian_repo_layout(host)\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n\n\ndef test_pdns_repo(host):\n f = _repo_file(host)\n assert f is not None\n assert f.exists\n assert f.contains('auth-master')\n\n\ndef test_repo_pinning_file(host):\n if host.system_info.distribution.lower() in debian_os:\n f = host.file('/etc/apt/preferences.d/pdns')\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n f.contains('Package: pdns-*')\n f.contains('Pin: origin repo.powerdns.com')\n f.contains('Pin-Priority: 600')\n\n\ndef test_pdns_version(host):\n cmd = host.run('/usr/sbin/pdns_server --version')\n\n assert 'PowerDNS Authoritative Server' in cmd.stderr or 'PowerDNS Authoritative Server' in cmd.stdout\n assert 'master' in cmd.stderr or 'master' in cmd.stdout\n"
},
{
"path": "molecule/resources/tests/service-mask/test_service_mask.py",
"content": "def test_default_pdns_service_is_masked_and_stopped(host):\n smgr = host.ansible(\"setup\")[\"ansible_facts\"][\"ansible_service_mgr\"]\n if smgr != 'systemd':\n return\n\n is_enabled = host.run('systemctl is-enabled pdns')\n assert is_enabled.stdout.strip() == 'masked'\n\n is_active = host.run('systemctl is-active pdns')\n assert is_active.stdout.strip() != 'active'\n\n # Port 53 may appear as listening in containerized environments even when no\n # default pdns process is running. Validate behavior instead: querying a\n # zone provisioned on instance backends must not succeed on the default port.\n query = host.run(\n \"\"\"python3 - <<'PY'\nimport dns.exception\nimport dns.message\nimport dns.query\nimport dns.rdatatype\n\nquery = dns.message.make_query('lmdb.test', dns.rdatatype.SOA)\ntry:\n response = dns.query.udp(query, '127.0.0.1', port=53, timeout=2)\n print(response.rcode())\nexcept dns.exception.Timeout:\n print('TIMEOUT')\nPY\"\"\"\n )\n assert query.rc == 0, query.stderr\n assert query.stdout.strip() in ('TIMEOUT', '5')\n"
},
{
"path": "molecule/resources/tests/systemd-no-override/test_override.py",
"content": "def test_systemd_override(host):\n smgr = host.ansible(\"setup\")[\"ansible_facts\"][\"ansible_service_mgr\"]\n if smgr == 'systemd':\n fname = '/etc/systemd/system/pdns.service.d/override.conf'\n f = host.file(fname)\n\n assert not f.exists\n"
},
{
"path": "molecule/resources/tests/systemd-override/test_override.py",
"content": "def test_systemd_override(host):\n smgr = host.ansible(\"setup\")[\"ansible_facts\"][\"ansible_service_mgr\"]\n if smgr == 'systemd':\n fname = '/etc/systemd/system/pdns.service.d/override.conf'\n for config_dir in ('/etc/powerdns', '/etc/pdns'):\n if host.file(f'{config_dir}/pdns-lmdb.conf').exists:\n fname = '/etc/systemd/system/pdns@lmdb.service.d/override.conf'\n break\n f = host.file(fname)\n\n assert f.exists\n assert f.user == 'root'\n assert f.group == 'root'\n assert f.contains('LimitCORE=infinity')\n"
},
{
"path": "molecule/resources/vars/molecule.yml",
"content": "---\nmolecule_file: \"{{ lookup('env', 'MOLECULE_FILE') }}\"\nmolecule_ephemeral_directory: \"{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}\"\nmolecule_scenario_directory: \"{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}\"\nrole_file: requirements.yml\nrequirements_file: requirements.yml\nmolecule_yml: \"{{ lookup('file', molecule_file) | from_yaml }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-bind.yml",
"content": "---\n\n# Bind backend profile\npdns_backends_bind:\n bind:\n config: \"{{ pdns_config_dir }}/named.conf\"\n\npdns_instance:\n service_name: \"pdns@bind\"\n service_enabled: \"no\"\n config_file: \"pdns-bind.conf\"\n config_name: \"bind\"\n config_overrides:\n local-port: \"58\"\n webserver-port: \"8006\"\n zone: \"bind.test\"\n\npdns_config_files_bind:\n - dest: named.conf\n mode: \"0640\"\n content: |\n options {\n directory \"{{ pdns_config_dir }}\";\n };\n zone \"bind.test\" IN {\n type master;\n file \"bind.test.zone\";\n };\n - dest: bind.test.zone\n mode: \"0640\"\n content: |\n $TTL 60\n @ IN SOA ns1.bind.test. hostmaster.bind.test. 2026022101 3600 1800 1209600 60\n @ IN NS ns1.bind.test.\n ns1 IN A 127.0.0.1\n @ IN A 127.0.0.58\n\npdns_config_overrides_bind: {}\n\npdns_backends: \"{{ pdns_backends_bind }}\"\npdns_config_files: \"{{ pdns_config_files_bind }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-lmdb.yml",
"content": "---\n\n# LMDB backend profile\npdns_backends_lmdb:\n lmdb:\n filename: /var/lib/powerdns/pdns.lmdb\n\npdns_instance:\n service_name: \"pdns@lmdb\"\n service_enabled: \"yes\"\n config_file: \"pdns-lmdb.conf\"\n config_name: \"lmdb\"\n config_overrides:\n local-port: \"54\"\n webserver-port: \"8002\"\n\n zone: \"lmdb.test\"\n\npdns_lmdb_databases_locations_lmdb:\n - '/var/lib/powerdns/pdns.lmdb'\n\npdns_config_overrides_lmdb: {}\n\npdns_backends: \"{{ pdns_backends_lmdb }}\"\npdns_lmdb_databases_locations: \"{{ pdns_lmdb_databases_locations_lmdb }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-mariadb.yml",
"content": "---\n\n# MariaDB backend profile\npdns_backends_mariadb:\n 'gmysql:mariadb':\n host: \"mariadb\"\n dbname: \"{{ ansible_hostname | replace('.', '_') }}\"\n user: \"pdns_{{ ansible_hostname | replace('.', '_') | replace('-', '_') }}\"\n password: pdns\n\npdns_instance:\n service_name: \"pdns@mariadb\"\n service_enabled: \"no\"\n config_file: \"pdns-mariadb.conf\"\n config_name: \"mariadb\"\n config_overrides:\n local-port: \"57\"\n webserver-port: \"8005\"\n zone: \"mariadb.test\"\n\npdns_mysql_databases_credentials_mariadb:\n 'gmysql:mariadb':\n priv_user: root\n priv_password: \"{{ ansible_env.MARIADB_ENV_MARIADB_ROOT_PASSWORD | default('pdns') }}\"\n priv_host:\n - '%'\n - 'localhost'\n\n# Molecule uses a remote MariaDB service container, so connections must use TCP.\npdns_mysql_query_use_socket_mariadb: false\npdns_mysql_schema_on_first_node_only: false\npdns_backends_mysql_cmd: \"mysql\"\npdns_mysql_cli_extra_args_mariadb: >-\n {{ '--ssl-mode=DISABLED' if ansible_distribution == 'Ubuntu'\n else '--skip-ssl' }}\npdns_mysql_cli_extra_args: \"{{ pdns_mysql_cli_extra_args_mariadb }}\"\n\npdns_config_overrides_mariadb: {}\n\npdns_backends: \"{{ pdns_backends_mariadb }}\"\npdns_mysql_databases_credentials: \"{{ pdns_mysql_databases_credentials_mariadb }}\"\npdns_mysql_query_use_socket: \"{{ pdns_mysql_query_use_socket_mariadb }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-mysql.yml",
"content": "---\n\n# MySQL backend profile\npdns_backends_mysql:\n 'gmysql:mysql':\n host: \"mysql\"\n dbname: \"{{ ansible_hostname | replace('.', '_') }}\"\n user: \"pdns_{{ ansible_hostname | replace('.', '_') | replace('-', '_') }}\"\n password: pdns\n\npdns_instance:\n service_name: \"pdns@mysql\"\n service_enabled: \"no\"\n config_file: \"pdns-mysql.conf\"\n config_name: \"mysql\"\n config_overrides:\n local-port: \"56\"\n webserver-port: \"8004\"\n zone: \"mysql.test\"\n\npdns_mysql_databases_credentials_mysql:\n 'gmysql:mysql':\n priv_user: root\n priv_password: \"{{ ansible_env.MYSQL_ENV_MYSQL_ROOT_PASSWORD | default('pdns') }}\"\n priv_host:\n - '%'\n - 'localhost'\n # MySQL 8.4/9 disables mysql_native_password by default.\n auth_plugin: caching_sha2_password\n\n# Molecule uses a remote MySQL service container, so connections must use TCP.\npdns_mysql_query_use_socket_mysql: false\npdns_mysql_schema_on_first_node_only: false\npdns_backends_mysql_cmd: \"mysql\"\npdns_mysql_cli_extra_args_mysql: >-\n {{ '--ssl-mode=DISABLED --get-server-public-key' if ansible_distribution == 'Ubuntu'\n else '--skip-ssl' }}\npdns_mysql_cli_extra_args: \"{{ pdns_mysql_cli_extra_args_mysql }}\"\n\npdns_config_overrides_mysql: {}\n\npdns_backends: \"{{ pdns_backends_mysql }}\"\npdns_mysql_databases_credentials: \"{{ pdns_mysql_databases_credentials_mysql }}\"\npdns_mysql_query_use_socket: \"{{ pdns_mysql_query_use_socket_mysql }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-postgresql.yml",
"content": "---\n\n# PostgreSQL backend profile\npdns_backends_pgsql:\n gpgsql:\n host: \"postgresql\"\n dbname: \"{{ ansible_hostname | replace('.', '_') }}\"\n user: \"pdns_{{ ansible_hostname | replace('.', '_') | replace('-', '_') }}\"\n password: pdns\n\npdns_instance:\n service_name: \"pdns@postgresql\"\n service_enabled: \"no\"\n config_file: \"pdns-postgresql.conf\"\n config_name: \"postgresql\"\n config_overrides:\n local-port: \"59\"\n webserver-port: \"8007\"\n zone: \"postgresql.test\"\n\npdns_pgsql_databases_credentials_pgsql:\n gpgsql:\n priv_user: postgres\n priv_password: \"{{ ansible_env.POSTGRESQL_ENV_POSTGRES_PASSWORD | default('pdns') }}\"\n\npdns_pgsql_query_use_socket_pgsql: false\npdns_pgsql_schema_on_first_node_only: false\n\npdns_config_overrides_pgsql: {}\n\npdns_backends: \"{{ pdns_backends_pgsql }}\"\npdns_pgsql_databases_credentials: \"{{ pdns_pgsql_databases_credentials_pgsql }}\"\npdns_pgsql_query_use_socket: \"{{ pdns_pgsql_query_use_socket_pgsql }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-backend-sqlite3.yml",
"content": "---\n\n# SQLite3 backend profile\npdns_backends_sqlite3:\n gsqlite3:\n database: /var/lib/powerdns/pdns.sqlite3\n dnssec: true\n\npdns_instance:\n service_name: \"pdns@sqlite\"\n service_enabled: \"no\"\n config_file: \"pdns-sqlite.conf\"\n config_name: \"sqlite\"\n config_overrides:\n local-port: \"55\"\n webserver-port: \"8003\"\n zone: \"sqlite3.test\"\n\npdns_sqlite_databases_locations_sqlite3:\n - '/var/lib/powerdns/pdns.sqlite3'\n\npdns_config_overrides_sqlite3: {}\n\npdns_backends: \"{{ pdns_backends_sqlite3 }}\"\npdns_sqlite_databases_locations: \"{{ pdns_sqlite_databases_locations_sqlite3 }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-common.yml",
"content": "---\n\n##\n# PowerDNS Configuration\n##\n\npdns_config_common:\n\n # Turns on primary operations\n primary: true\n\n include-dir: \"user_pdns.d\"\n\n # Listen Address\n local-address: \"127.0.0.1\"\n local-port: \"53\"\n\n # API Configuration\n api: true\n api-key: \"powerdns\"\n\n # Embedded webserver\n webserver: true\n webserver-address: \"127.0.0.1\"\n webserver-port: \"8001\"\n\npdns_service_overrides:\n LimitCORE: infinity\n\npdns_config_additional_dirs:\n - path: \"{{ pdns_config_common['include-dir'] }}\"\n mode: \"0775\"\n\npdns_config_files:\n - dest: \"{{ pdns_config_common['include-dir'] }}/user.config\"\n mode: \"0750\"\n content: |\n # my additional config file\n version-string=powerdns\n"
},
{
"path": "molecule/resources/vars/pdns-no-overrides.yml",
"content": "---\n\n##\n# PowerDNS Configuration\n##\n\npdns_config:\n\n # Turns on primary operations\n primary: true\n\n # Listen Address\n local-address: \"127.0.0.1\"\n local-port: \"53\"\n\n # API Configuration\n api: true\n api-key: \"powerdns\"\n\n # Embedded webserver\n webserver: true\n webserver-address: \"0.0.0.0\"\n webserver-port: \"8001\"\n\npdns_service_overrides: {}\n"
},
{
"path": "molecule/resources/vars/pdns-os-repos.yml",
"content": "---\n\n##\n# PowerDNS Configuration\n##\n\n_pdns_config_base:\n\n # Listen Address\n local-address: \"127.0.0.1\"\n local-port: \"53\"\n\n # API Configuration\n api: true\n api-key: \"powerdns\"\n\n # Embedded webserver\n webserver: true\n webserver-address: \"0.0.0.0\"\n webserver-port: \"8001\"\n\n# Turns on master operations\n_pdns_config_primary:\n primary: true\n\npdns_config: \"{{ _pdns_config_base | combine(_pdns_config_legacy | default(_pdns_config_primary), recursive=True) }}\"\n\npdns_service_overrides:\n LimitCORE: infinity\n"
},
{
"path": "molecule/resources/vars/pdns-repo-48.yml",
"content": "---\n\n##\n# PowerDNS 4.8.x Repository\n##\n\npdns_install_repo: \"{{ pdns_auth_powerdns_repo_48 }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-repo-49.yml",
"content": "---\n\n##\n# PowerDNS 4.9.x Repository\n##\n\npdns_install_repo: \"{{ pdns_auth_powerdns_repo_49 }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-repo-50.yml",
"content": "---\n\n##\n# PowerDNS 5.0.x Repository\n##\n\npdns_install_repo: \"{{ pdns_auth_powerdns_repo_50 }}\"\n"
},
{
"path": "molecule/resources/vars/pdns-repo-master.yml",
"content": "---\n\n##\n# PowerDNS Master Repository\n##\n\npdns_install_repo: \"{{ pdns_auth_powerdns_repo_master }}\"\n"
},
{
"path": "requirements.yml",
"content": "---\ncollections:\n - name: community.mysql\n - name: community.postgresql\n - name: community.general\n version: \"<11.0.0\"\n - name: community.docker\n version: \"<5.0.0\"\n - name: ansible.posix\n"
},
{
"path": "tasks/configure.yml",
"content": "---\n- name: Set up systemd override\n when: ansible_service_mgr == \"systemd\"\n tags:\n - config\n block:\n\n - name: Ensure the override directory exists (systemd)\n ansible.builtin.file:\n name: \"/etc/systemd/system/{{ pdns_service_name }}.service.d\"\n state: directory\n owner: root\n group: root\n mode: \"0755\"\n\n - name: Override the PowerDNS Authoritative Server unit (systemd)\n ansible.builtin.template:\n src: \"override-service.systemd.conf.j2\"\n dest: \"/etc/systemd/system/{{ pdns_service_name }}.service.d/override.conf\"\n owner: root\n group: root\n mode: \"0644\"\n notify:\n - reload systemd\n - restart pdns\n when: pdns_service_overrides | length > 0\n\n- name: Ensure that the PowerDNS configuration directory exists\n ansible.builtin.file:\n name: \"{{ pdns_config_dir }}\"\n state: directory\n owner: \"{{ pdns_file_owner }}\"\n group: \"{{ pdns_file_group }}\"\n mode: \"0750\"\n tags:\n - config\n\n- name: Generate the PowerDNS configuration\n ansible.builtin.template:\n src: pdns.conf.j2\n dest: \"{{ pdns_config_dir }}/{{ pdns_config_file }}\"\n owner: \"{{ pdns_file_owner }}\"\n group: \"{{ pdns_file_group }}\"\n mode: \"0640\"\n notify: restart pdns\n tags:\n - config\n\n- name: Ensure configured PowerDNS additional directories exist\n ansible.builtin.file:\n name: \"{{ item.path | default(item) }}\"\n state: directory\n owner: \"{{ item.owner | default(pdns_file_owner) }}\"\n group: \"{{ item.group | default(pdns_file_group) }}\"\n mode: \"{{ item.mode | default('0750') }}\"\n loop: \"{{ pdns_config_additional_dirs }}\"\n loop_control:\n label: \"{{ item.path | default(item) }}\"\n notify: restart pdns\n tags:\n - config\n\n- name: Ensure directories for configured PowerDNS extra files exist\n ansible.builtin.file:\n name: \"{{ _pdns_config_file_dest | dirname }}\"\n state: directory\n owner: \"{{ item.dir_owner | default(item.owner | default(pdns_file_owner)) }}\"\n group: \"{{ item.dir_group | default(item.group | default(pdns_file_group)) }}\"\n mode: \"{{ item.dir_mode | default('0750') }}\"\n vars:\n _pdns_config_file_dest: >-\n {{ item.dest if (item.dest is match('^/')) else (pdns_config_dir ~ '/' ~ item.dest) }}\n loop: \"{{ pdns_config_files }}\"\n loop_control:\n label: \"{{ item.dest }}\"\n notify: restart pdns\n tags:\n - config\n\n- name: Copy configured PowerDNS extra files\n ansible.builtin.copy:\n content: \"{{ item.content | default(omit) }}\"\n src: \"{{ item.src | default(omit) }}\"\n dest: \"{{ _pdns_config_file_dest }}\"\n owner: \"{{ item.owner | default(pdns_file_owner) }}\"\n group: \"{{ item.group | default(pdns_file_group) }}\"\n mode: \"{{ item.mode | default('0640') }}\"\n vars:\n _pdns_config_file_dest: >-\n {{ item.dest if (item.dest is match('^/')) else (pdns_config_dir ~ '/' ~ item.dest) }}\n loop: \"{{ pdns_config_files }}\"\n loop_control:\n label: \"{{ item.dest }}\"\n notify: restart pdns\n tags:\n - config\n"
},
{
"path": "tasks/database-lmdb.yml",
"content": "---\n\n- name: Ensure that the directories containing the PowerDNS LMDB databases exist\n ansible.builtin.file:\n name: \"{{ item | dirname }}\"\n owner: \"{{ pdns_user }}\"\n group: \"{{ pdns_group }}\"\n state: directory\n mode: \"0750\"\n with_items: \"{{ pdns_lmdb_databases_locations }}\"\n tags:\n - config\n"
},
{
"path": "tasks/database-mysql.yml",
"content": "---\n\n- name: Install the MySQL dependencies\n ansible.builtin.package:\n name: \"{{ pdns_mysql_packages }}\"\n state: \"{{ pdns_mysql_packages_state }}\"\n tags:\n - install\n\n- name: Manage the PowerDNS MySQL databases\n when:\n - pdns_package_state != 'absent'\n - pdns_mysql_manage_database | bool\n tags:\n - config\n block:\n\n - name: Create the PowerDNS MySQL databases\n community.mysql.mysql_db:\n login_user: \"{{ item['value']['priv_user'] }}\"\n login_password: \"{{ item['value']['priv_password'] }}\"\n login_host: \"{{ item['value']['host'] | default('localhost') if not pdns_mysql_query_use_socket else omit }}\"\n login_port: \"{{ item['value']['port'] | default('3306') if not pdns_mysql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_mysql_unix_socket if pdns_mysql_query_use_socket else omit }}\"\n name: \"{{ item['value']['dbname'] }}\"\n state: present\n when:\n - item.key.split(':')[0] == 'gmysql'\n - item['value']['priv_user'] is defined\n - item['value']['priv_password'] is defined\n run_once: \"{{ pdns_mysql_schema_on_first_node_only }}\"\n throttle: 1\n no_log: \"{{ not pdns_verbose }}\"\n with_dict: \"{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}\"\n\n - name: Grant PowerDNS access to the MySQL databases\n community.mysql.mysql_user:\n login_user: \"{{ item[0]['priv_user'] }}\"\n login_password: \"{{ item[0]['priv_password'] }}\"\n login_host: \"{{ item[0]['host'] | default('localhost') if not pdns_mysql_query_use_socket else omit }}\"\n login_port: \"{{ item[0]['port'] | default('3306') if not pdns_mysql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_mysql_unix_socket if pdns_mysql_query_use_socket else omit }}\"\n name: \"{{ item[0]['user'] }}\"\n password: \"{{ item[0]['password'] if (_pdns_mysql_auth_plugin_effective | length == 0) else omit }}\"\n plugin: \"{{ _pdns_mysql_auth_plugin_effective if (_pdns_mysql_auth_plugin_effective | length > 0) else omit }}\"\n plugin_auth_string: \"{{ item[0]['password'] if (_pdns_mysql_auth_plugin_effective | length > 0) else omit }}\"\n update_password: >-\n {{ _pdns_mysql_user_update_password_effective\n if (_pdns_mysql_user_update_password_effective | length > 0)\n else ('on_create' if (_pdns_mysql_auth_plugin_effective | length > 0) else 'always') }}\n host: \"{{ item[1] }}\"\n priv: \"{{ item[0]['dbname'] }}.*:ALL\"\n append_privs: true\n state: present\n when: pdns_mysql_databases_credentials | length > 0\n no_log: \"{{ not pdns_verbose }}\"\n vars:\n _pdns_mysql_auth_plugin_effective: \"{{ item[0]['auth_plugin'] | default(pdns_mysql_auth_plugin) }}\"\n _pdns_mysql_user_update_password_effective: \"{{ item[0]['update_password'] | default(pdns_mysql_user_update_password) }}\"\n run_once: \"{{ pdns_mysql_schema_on_first_node_only }}\"\n throttle: 1\n with_subelements:\n - \"{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}\"\n - priv_host\n - skip_missing: true\n\n - name: Check if the MySQL databases are empty\n ansible.builtin.command:\n cmd: >-\n {{ pdns_backends_mysql_cmd }} --user=\"{{ item['value']['user'] }}\" --password=\"{{ item['value']['password'] }}\"\n {{ pdns_mysql_cli_extra_args }}\n {% if pdns_mysql_query_use_socket %} --socket=\"{{ pdns_mysql_unix_socket }}\"\n {% else %} --host=\"{{ item['value']['host'] | default('localhost') }}\" --port=\"{{ item['value']['port'] | default('3306') }}\"{% endif %}\n --batch --skip-column-names\n --execute=\"SELECT COUNT(DISTINCT table_name) FROM information_schema.columns WHERE table_schema = '{{ item['value']['dbname'] }}'\"\n when:\n - pdns_mysql_schema_load\n - item.key.split(':')[0] == 'gmysql'\n with_dict: \"{{ pdns_backends }}\"\n register: _pdns_check_mysql_db\n no_log: \"{{ not pdns_verbose }}\"\n changed_when: false\n\n - name: Determine location of the SQL file\n ansible.builtin.shell:\n cmd: |\n for p in /usr/share/doc/pdns-backend-mysql-{{ _pdns_running_version }}/schema.mysql.sql \\\n /usr/share/doc/pdns-backend-mysql/schema.mysql.sql \\\n /usr/share/pdns-backend-mysql/schema/schema.mysql.sql \\\n /usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql \\\n /usr/share/doc/powerdns/schema.mysql.sql \\\n /usr/share/doc/pdns/schema.mysql.sql; do\n if [ -f $p ]; then\n echo $p\n exit 0\n fi\n done\n echo \"Can't determine path to MySQL schema\">&2\n exit 1\n changed_when: false\n register: _pdns_mysql_schema_file_detected\n when:\n - pdns_mysql_schema_load\n - pdns_mysql_schema_file | length == 0\n\n - name: Set the schema file variable\n ansible.builtin.set_fact:\n _pdns_mysql_schema_file_to_use: >-\n {{ _pdns_mysql_schema_file_detected.stdout\n if pdns_mysql_schema_file | length == 0 else pdns_mysql_schema_file }}\n when: pdns_mysql_schema_load\n\n - name: Import the PowerDNS MySQL schema\n ansible.builtin.shell:\n cmd: >-\n {{ pdns_backends_mysql_cmd }}\n --user=\"{{ item['item']['value']['user'] }}\"\n --password=\"{{ item['item']['value']['password'] }}\"\n {{ pdns_mysql_cli_extra_args }}\n {% if pdns_mysql_query_use_socket %}\n --socket=\"{{ pdns_mysql_unix_socket }}\"\n {% else %}\n --host=\"{{ item['item']['value']['host'] | default('localhost') }}\"\n --port=\"{{ item['item']['value']['port'] | default('3306') }}\"\n {% endif %}\n --database=\"{{ item.item['value']['dbname'] }}\"\n < \"{{ _pdns_mysql_schema_file_to_use }}\"\n no_log: \"{{ not pdns_verbose }}\"\n run_once: \"{{ pdns_mysql_schema_on_first_node_only }}\"\n throttle: 1\n changed_when: item['stdout'] == '0'\n when:\n - pdns_mysql_schema_load\n - item['item']['key'].split(':')[0] == 'gmysql'\n - item['stdout'] == '0'\n with_items: \"{{ _pdns_check_mysql_db['results'] }}\"\n"
},
{
"path": "tasks/database-pgsql.yml",
"content": "---\n\n- name: Install the PostgreSQL dependencies\n ansible.builtin.package:\n name: \"{{ pdns_pgsql_packages }}\"\n state: \"{{ pdns_pgsql_packages_state }}\"\n tags:\n - install\n\n- name: Manage the PowerDNS PostgreSQL databases\n when:\n - pdns_package_state != 'absent'\n - pdns_pgsql_manage_database | bool\n tags:\n - config\n block:\n\n - name: Create PowerDNS PostgreSQL users\n community.postgresql.postgresql_user:\n login_user: \"{{ item['value']['priv_user'] }}\"\n login_password: \"{{ item['value']['priv_password'] }}\"\n login_host: \"{{ item['value']['host'] | default('localhost') if not pdns_pgsql_query_use_socket else omit }}\"\n login_port: \"{{ item['value']['port'] | default('5432') if not pdns_pgsql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_pgsql_unix_socket if pdns_pgsql_query_use_socket else omit }}\"\n name: \"{{ item['value']['user'] }}\"\n password: \"{{ item['value']['password'] }}\"\n role_attr_flags: \"LOGIN,NOSUPERUSER,NOCREATEDB,NOCREATEROLE,NOREPLICATION\"\n state: present\n when:\n - item.key.split(':')[0] == 'gpgsql'\n - item['value']['priv_user'] is defined\n - item['value']['priv_password'] is defined\n run_once: \"{{ pdns_pgsql_schema_on_first_node_only }}\"\n throttle: 1\n no_log: \"{{ not pdns_verbose }}\"\n with_dict: \"{{ pdns_backends | combine(pdns_pgsql_databases_credentials, recursive=True) }}\"\n\n - name: Create the PowerDNS PostgreSQL databases\n community.postgresql.postgresql_db:\n login_user: \"{{ item['value']['priv_user'] }}\"\n login_password: \"{{ item['value']['priv_password'] }}\"\n login_host: \"{{ item['value']['host'] | default('localhost') if not pdns_pgsql_query_use_socket else omit }}\"\n login_port: \"{{ item['value']['port'] | default('5432') if not pdns_pgsql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_pgsql_unix_socket if pdns_pgsql_query_use_socket else omit }}\"\n name: \"{{ item['value']['dbname'] }}\"\n owner: \"{{ item['value']['user'] }}\"\n state: present\n when:\n - item.key.split(':')[0] == 'gpgsql'\n - item['value']['priv_user'] is defined\n - item['value']['priv_password'] is defined\n run_once: \"{{ pdns_pgsql_schema_on_first_node_only }}\"\n throttle: 1\n no_log: \"{{ not pdns_verbose }}\"\n with_dict: \"{{ pdns_backends | combine(pdns_pgsql_databases_credentials, recursive=True) }}\"\n\n - name: Check if the PostgreSQL databases are empty\n community.postgresql.postgresql_query:\n login_db: \"{{ item['value']['dbname'] }}\"\n login_user: \"{{ item['value']['user'] }}\"\n login_password: \"{{ item['value']['password'] }}\"\n login_host: \"{{ item['value']['host'] | default('localhost') if not pdns_pgsql_query_use_socket else omit }}\"\n login_port: \"{{ item['value']['port'] | default('5432') if not pdns_pgsql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_pgsql_unix_socket if pdns_pgsql_query_use_socket else omit }}\"\n query: >-\n SELECT COUNT(DISTINCT tablename) AS count\n FROM pg_catalog.pg_tables\n WHERE schemaname = 'public';\n when:\n - pdns_pgsql_schema_load\n - item.key.split(':')[0] == 'gpgsql'\n with_dict: \"{{ pdns_backends }}\"\n register: _pdns_check_pgsql_db\n no_log: \"{{ not pdns_verbose }}\"\n changed_when: false\n\n - name: Determine location of the PostgreSQL schema SQL file\n ansible.builtin.shell:\n cmd: |\n for p in \\\n /usr/share/doc/pdns-backend-postgresql-{{ _pdns_running_version }}/schema.pgsql.sql \\\n /usr/share/doc/pdns-backend-pgsql-{{ _pdns_running_version }}/schema.pgsql.sql \\\n /usr/share/doc/pdns-backend-postgresql/schema.pgsql.sql \\\n /usr/share/doc/pdns-backend-pgsql/schema.pgsql.sql \\\n /usr/share/pdns-backend-pgsql/schema/schema.pgsql.sql \\\n /usr/share/dbconfig-common/data/pdns-backend-pgsql/install/pgsql \\\n /usr/share/doc/powerdns/schema.pgsql.sql \\\n /usr/share/doc/pdns/schema.pgsql.sql; do\n if [ -f \"$p\" ]; then\n echo \"$p\"\n exit 0\n fi\n done\n echo \"Can't determine path to PostgreSQL schema\" >&2\n exit 1\n changed_when: false\n register: _pdns_pgsql_schema_file_detected\n when:\n - pdns_pgsql_schema_load\n - pdns_pgsql_schema_file | length == 0\n\n - name: Set the PostgreSQL schema file variable\n ansible.builtin.set_fact:\n _pdns_pgsql_schema_file_to_use: >-\n {{ _pdns_pgsql_schema_file_detected.stdout\n if pdns_pgsql_schema_file | length == 0 else pdns_pgsql_schema_file }}\n when: pdns_pgsql_schema_load\n\n - name: Import the PowerDNS PostgreSQL schema\n community.postgresql.postgresql_db:\n login_user: \"{{ item['item']['value']['user'] }}\"\n login_password: \"{{ item['item']['value']['password'] }}\"\n login_host: \"{{ item['item']['value']['host'] | default('localhost') if not pdns_pgsql_query_use_socket else omit }}\"\n login_port: \"{{ item['item']['value']['port'] | default('5432') if not pdns_pgsql_query_use_socket else omit }}\"\n login_unix_socket: \"{{ pdns_pgsql_unix_socket if pdns_pgsql_query_use_socket else omit }}\"\n name: \"{{ item['item']['value']['dbname'] }}\"\n state: restore\n target: \"{{ _pdns_pgsql_schema_file_to_use }}\"\n run_once: \"{{ pdns_pgsql_schema_on_first_node_only }}\"\n throttle: 1\n no_log: \"{{ not pdns_verbose }}\"\n when:\n - pdns_pgsql_schema_load\n - item['item']['key'].split(':')[0] == 'gpgsql'\n - item['query_result'][0]['count'] | int == 0\n with_items: \"{{ _pdns_check_pgsql_db['results'] }}\"\n"
},
{
"path": "tasks/database-sqlite3.yml",
"content": "---\n\n- name: Install the SQLite dependencies on RedHat\n ansible.builtin.package:\n name: sqlite\n state: \"{{ pdns_sqlite_package_state }}\"\n when: ansible_os_family == 'RedHat'\n tags:\n - install\n\n- name: Install the SQLite dependencies on Debian\n ansible.builtin.package:\n name: sqlite3\n state: \"{{ pdns_sqlite_package_state }}\"\n when: ansible_os_family == 'Debian'\n tags:\n - install\n - config\n\n- name: Manage the PowerDNS SQLite databases\n when:\n - pdns_package_state != 'absent'\n - pdns_sqlite_databases_locations | length > 0\n tags:\n - config\n block:\n - name: Ensure that the directories containing the PowerDNS SQLite databases exist\n ansible.builtin.file:\n name: \"{{ item | dirname }}\"\n owner: \"{{ pdns_user }}\"\n group: \"{{ pdns_group }}\"\n state: directory\n mode: \"0750\"\n with_items: \"{{ pdns_sqlite_databases_locations }}\"\n\n - name: Determine location of the SQL file\n ansible.builtin.shell:\n cmd: |\n for p in \\\n /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sql \\\n /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sqlite3.sql \\\n /usr/share/doc/pdns/schema.sqlite3.sql \\\n /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql \\\n /usr/share/doc/pdns-backend-sqlite/schema.sqlite3.sql \\\n /usr/share/doc/powerdns/schema.sqlite3.sql \\\n /usr/share/pdns/schema.sqlite3.sql \\\n /usr/share/powerdns/schema.sqlite3.sql \\\n /usr/share/pdns-backend-sqlite3/schema/schema.sqlite3.sql \\\n /usr/share/pdns-backend-sqlite/schema/schema.sqlite3.sql \\\n /usr/share/doc/pdns/schema.sqlite3.sql.gz \\\n /usr/share/doc/pdns/schema.sqlite3.sql.xz \\\n /usr/share/doc/powerdns/schema.sqlite3.sql.gz \\\n /usr/share/doc/powerdns/schema.sqlite3.sql.xz; do\n if [ -f \"$p\" ]; then\n echo \"$p\"\n exit 0\n fi\n done\n\n # Fallback for distribution-specific schema locations.\n schema_file=\"$(find /usr/share/doc /usr/share -maxdepth 6 -type f \\\n \\( -name \"schema.sqlite3.sql\" -o -name \"schema.sqlite3.sql.gz\" -o -name \"schema.sqlite3.sql.xz\" \\) \\\n -print -quit 2>/dev/null)\"\n if [ -n \"$schema_file\" ]; then\n echo \"$schema_file\"\n exit 0\n fi\n echo \"Can't determine path to SQLite schema\">&2\n exit 1\n changed_when: false\n register: _pdns_sqlite_schema_file_detected\n when: pdns_sqlite_schema_file | length == 0\n\n - name: Set the schema file variable\n ansible.builtin.set_fact:\n _pdns_sqlite_schema_file_to_use: >-\n {{ _pdns_sqlite_schema_file_detected.stdout\n if pdns_sqlite_schema_file | length == 0 else pdns_sqlite_schema_file }}\n\n - name: Create the PowerDNS SQLite databases\n ansible.builtin.shell:\n cmd: |\n tmp_schema=\"$(mktemp)\"\n trap 'rm -f \"$tmp_schema\"' EXIT\n\n case \"{{ _pdns_sqlite_schema_file_to_use }}\" in\n *.gz)\n gzip -dc \"{{ _pdns_sqlite_schema_file_to_use }}\" > \"$tmp_schema\"\n ;;\n *.xz)\n xz -dc \"{{ _pdns_sqlite_schema_file_to_use }}\" > \"$tmp_schema\"\n ;;\n *)\n cp \"{{ _pdns_sqlite_schema_file_to_use }}\" \"$tmp_schema\"\n ;;\n esac\n\n sqlite3 \"{{ item }}\" < \"$tmp_schema\"\n args:\n creates: \"{{ item }}\"\n with_items: \"{{ pdns_sqlite_databases_locations }}\"\n\n - name: Check the PowerDNS SQLite databases permissions\n ansible.builtin.file:\n name: \"{{ item }}\"\n owner: \"{{ pdns_user }}\"\n group: \"{{ pdns_group }}\"\n mode: \"0640\"\n state: file\n with_items: \"{{ pdns_sqlite_databases_locations }}\"\n"
},
{
"path": "tasks/inspect.yml",
"content": "---\n\n- name: Obtain the version of the running PowerDNS instance\n ansible.builtin.command: pdns_server --version\n register: _pdns_version_raw\n check_mode: false\n changed_when: false\n failed_when: false\n tags:\n - config\n\n- name: Extract the PowerDNS version from command output\n ansible.builtin.set_fact:\n _pdns_version: >-\n {{ (_pdns_version_raw.stdout ~ ' ' ~ _pdns_version_raw.stderr)\n | regex_search('[0-9]+\\.[0-9]+\\.[0-9]+(?:[-._a-zA-Z0-9]+)?')\n | default('') }}\n tags:\n - config\n\n- name: Ensure PowerDNS version was detected\n ansible.builtin.assert:\n that:\n - _pdns_version | length > 0\n fail_msg: >-\n Could not parse PowerDNS version from: stdout='{{ _pdns_version_raw.stdout }}'\n stderr='{{ _pdns_version_raw.stderr }}'\n tags:\n - config\n\n- name: Export the running PowerDNS instance version to a variable\n ansible.builtin.set_fact:\n _pdns_running_version: \"{{ _pdns_version | regex_replace('-[.\\\\d\\\\w]+$', '') }}\"\n tags:\n - config\n"
},
{
"path": "tasks/install.yml",
"content": "---\n- name: Set up version separator\n when: pdns_package_version | length > 0\n tags:\n - install\n block:\n - name: Prefix the PowerDNS version with the correct separator on RedHat\n ansible.builtin.set_fact:\n _pdns_package_version: \"-{{ pdns_package_version }}\"\n when: ansible_os_family == 'RedHat'\n\n - name: Prefix the PowerDNS version with the correct separator on Debian\n ansible.builtin.set_fact:\n _pdns_package_version: \"={{ pdns_package_version }}\"\n when: ansible_os_family == 'Debian'\n\n- name: Install PowerDNS\n ansible.builtin.package:\n name: >-\n {{ pdns_package_name }}{{ _pdns_package_version | default('')\n if pdns_package_state != 'absent' else '' }}\n state: \"{{ pdns_package_state }}\"\n notify: reload systemd\n tags:\n - install\n\n- name: Install PowerDNS debug symbols\n ansible.builtin.package:\n name: >-\n {{ pdns_debug_symbols_package_name }}{{ _pdns_package_version | default('')\n if pdns_debug_symbols_package_state != 'absent' else '' }}\n state: \"{{ pdns_debug_symbols_package_state }}\"\n when:\n - pdns_install_debug_symbols_package | bool or pdns_debug_symbols_package_state == 'absent'\n tags:\n - install\n\n- name: Install PowerDNS backends\n ansible.builtin.package:\n name: >-\n {{ pdns_backends_packages[item.key.split(':')[0]] }}{{ _pdns_package_version | default('')\n if pdns_backends_packages_state != 'absent' else '' }}\n state: \"{{ pdns_backends_packages_state }}\"\n when: pdns_backends_packages[item.key.split(':')[0]] is defined\n with_dict: \"{{ pdns_backends }}\"\n loop_control:\n label: \"{{ item.key }}\"\n tags:\n - install\n"
},
{
"path": "tasks/main.yml",
"content": "---\n\n- name: Include OS-specific variables (generic to specific)\n ansible.builtin.include_vars: \"{{ role_path }}/vars/{{ item }}\"\n loop:\n - \"{{ ansible_os_family }}.yml\"\n - \"{{ ansible_distribution }}.yml\"\n - \"{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml\"\n - \"{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml\"\n when:\n - lookup('ansible.builtin.fileglob', role_path ~ '/vars/' ~ item, wantlist=True) | length > 0\n tags:\n - always\n\n- name: Setup repository\n ansible.builtin.include_tasks: \"repo-{{ ansible_os_family }}.yml\"\n when: \"pdns_install_repo | length > 0\"\n tags:\n - install\n - repository\n\n- name: Install PowerDNS\n ansible.builtin.include_tasks: install.yml\n tags:\n - install\n\n- name: Get version of PowerDNS instance\n ansible.builtin.include_tasks: inspect.yml\n when: pdns_package_state != 'absent'\n tags:\n - db\n - mysql\n - pgsql\n - sqlite\n - config\n\n- name: Configure SELinux\n ansible.builtin.include_tasks: selinux.yml\n when:\n - pdns_package_state != 'absent'\n - pdns_manage_selinux | bool\n - ansible_selinux is defined\n - ansible_selinux.status == 'enabled'\n tags:\n - selinux\n - config\n\n- name: Install and configure MySQL database\n ansible.builtin.include_tasks: database-mysql.yml\n when:\n - >-\n (\n pdns_package_state != 'absent'\n and pdns_mysql_manage_database | bool\n ) or pdns_mysql_packages_state == 'absent'\n - >-\n (pdns_backends | dict2items\n | selectattr('key', 'match', '^gmysql(:.*)?$')\n | list\n | length) > 0\n tags:\n - install\n - config\n - db\n - mysql\n\n- name: Install and configure PostgreSQL database\n ansible.builtin.include_tasks: database-pgsql.yml\n when:\n - >-\n (\n pdns_package_state != 'absent'\n and pdns_pgsql_manage_database | bool\n ) or pdns_pgsql_packages_state == 'absent'\n - >-\n (pdns_backends | dict2items\n | selectattr('key', 'match', '^gpgsql(:.*)?$')\n | list\n | length) > 0\n tags:\n - install\n - config\n - db\n - pgsql\n\n- name: Install and configure SQlite database\n ansible.builtin.include_tasks: database-sqlite3.yml\n when:\n - >-\n (\n pdns_package_state != 'absent'\n and pdns_sqlite_databases_locations | length > 0\n ) or pdns_sqlite_package_state == 'absent'\n tags:\n - install\n - config\n - db\n - sqlite\n\n- name: Install and configure LMDB database\n ansible.builtin.include_tasks: database-lmdb.yml\n when:\n - pdns_package_state != 'absent'\n - pdns_lmdb_databases_locations | length > 0\n tags:\n - config\n - db\n - lmdb\n\n- name: Build config file\n ansible.builtin.include_tasks: configure.yml\n when: pdns_package_state != 'absent'\n tags:\n - config\n\n- name: Start and enable the PowerDNS service (systemd)\n throttle: 1\n ansible.builtin.systemd:\n name: \"{{ pdns_service_name }}\"\n state: \"{{ pdns_service_state }}\"\n enabled: \"{{ pdns_service_enabled }}\"\n masked: \"{{ pdns_service_masked }}\"\n when: pdns_package_state != 'absent'\n tags:\n - service\n"
},
{
"path": "tasks/repo-Debian.yml",
"content": "---\n- name: Check if Deb822 repository format is supported by the current distro\n ansible.builtin.set_fact:\n _pdns_deb822_supported: >-\n {{\n (ansible_distribution == 'Ubuntu' and (ansible_distribution_major_version | int) >= 22) or\n (ansible_distribution == 'Debian' and (ansible_distribution_major_version | int) >= 11)\n }}\n tags:\n - install\n - repository\n\n- name: Configure the PowerDNS APT Repository (Deb822-style)\n when:\n - (pdns_install_repo['apt_version'] | default('')) | length > 0\n - _pdns_deb822_supported\n tags:\n - install\n - repository\n block:\n - name: Install python3-debian (required by deb822_repository)\n ansible.builtin.package:\n name: python3-debian\n state: present\n\n - name: Add the PowerDNS APT Repository (Deb822-style)\n ansible.builtin.deb822_repository:\n name: \"{{ pdns_install_repo['name'] }}\"\n types: deb\n uris: \"https://{{ pdns_install_repo['apt_repo_origin'] }}/{{ ansible_distribution | lower }}/\"\n suites: \"{{ ansible_distribution_release | lower }}-{{ pdns_install_repo['apt_version'] }}\"\n components: main\n architectures: \"{{ pdns_apt_repo_arch }}\"\n signed_by: \"{{ pdns_install_repo['gpg_key'] }}\"\n notify: update the apt cache\n\n - name: Remove the legacy PowerDNS APT .list file when using Deb822\n ansible.builtin.file:\n path: \"/etc/apt/sources.list.d/{{ pdns_install_repo['name'] }}.list\"\n state: absent\n notify: update the apt cache\n\n- name: Configure the PowerDNS APT Repository (legacy format)\n when: >-\n ((pdns_install_repo['apt_version'] | default('')) | length == 0) or\n (not _pdns_deb822_supported)\n tags:\n - install\n - repository\n block:\n - name: Install gnupg\n ansible.builtin.package:\n name: gnupg\n state: present\n\n - name: Check if apt-key is available\n ansible.builtin.stat:\n path: /usr/bin/apt-key\n register: _pdns_apt_key_cmd\n\n - name: Import the PowerDNS APT Repository key from URL\n ansible.builtin.apt_key:\n url: \"{{ pdns_install_repo['gpg_key'] }}\"\n id: \"{{ pdns_install_repo['gpg_key_id'] | default('') }}\"\n state: present\n when:\n - _pdns_apt_key_cmd.stat.exists\n - pdns_install_repo['gpg_key'] is regex(\"^[a-z]{3,}://\")\n\n - name: Import the PowerDNS APT Repository key from File\n ansible.builtin.apt_key:\n data: \"{{ lookup('file', pdns_install_repo['gpg_key']) }}\"\n id: \"{{ pdns_install_repo['gpg_key_id'] | default('') }}\"\n state: present\n when:\n - _pdns_apt_key_cmd.stat.exists\n - not pdns_install_repo['gpg_key'] is regex(\"^[a-z]{3,}://\")\n\n - name: Import the PowerDNS APT Repository key from URL (without apt-key)\n ansible.builtin.get_url:\n url: \"{{ pdns_install_repo['gpg_key'] }}\"\n dest: \"/etc/apt/trusted.gpg.d/{{ pdns_install_repo['name'] }}.asc\"\n owner: root\n group: root\n mode: \"0644\"\n when:\n - not _pdns_apt_key_cmd.stat.exists\n - pdns_install_repo['gpg_key'] is regex(\"^[a-z]{3,}://\")\n\n - name: Import the PowerDNS APT Repository key from File (without apt-key)\n ansible.builtin.copy:\n content: \"{{ lookup('file', pdns_install_repo['gpg_key']) }}\"\n dest: \"/etc/apt/trusted.gpg.d/{{ pdns_install_repo['name'] }}.asc\"\n owner: root\n group: root\n mode: \"0644\"\n when:\n - not _pdns_apt_key_cmd.stat.exists\n - not pdns_install_repo['gpg_key'] is regex(\"^[a-z]{3,}://\")\n\n - name: Add the PowerDNS APT Repository (legacy format)\n ansible.builtin.apt_repository:\n filename: \"{{ pdns_install_repo['name'] }}\"\n repo: \"{{ pdns_install_repo['apt_repo'] }}\"\n state: present\n notify: update the apt cache\n\n - name: Remove the Deb822 PowerDNS APT .sources file when using legacy format\n ansible.builtin.file:\n path: \"/etc/apt/sources.list.d/{{ pdns_install_repo['name'] }}.sources\"\n state: absent\n notify: update the apt cache\n\n- name: Pin the PowerDNS APT Repository\n ansible.builtin.template:\n src: pdns.pin.j2\n dest: /etc/apt/preferences.d/pdns\n owner: root\n group: root\n mode: \"0644\"\n tags:\n - install\n - repository\n\n- name: Flush handlers\n ansible.builtin.meta: flush_handlers\n tags:\n - install\n - repository\n"
},
{
"path": "tasks/repo-RedHat.yml",
"content": "---\n\n- name: Install EPEL repositories on RedHat-family distributions\n when: pdns_install_epel\n tags:\n - install\n - repository\n block:\n\n - name: Install epel-release on CentOS\n ansible.builtin.package:\n name: epel-release\n state: present\n when: ansible_distribution in [ 'CentOS', 'Rocky', 'AlmaLinux' ]\n\n - name: Install epel-release on RHEL\n ansible.builtin.package:\n name: \"https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm\"\n state: present\n when: ansible_distribution in [ 'RedHat' ]\n\n - name: Install epel-release on OracleLinux\n ansible.builtin.package:\n name:\n - \"oracle-epel-release-el{{ ansible_distribution_major_version }}\"\n state: present\n\n when: ansible_distribution in [ 'OracleLinux' ]\n\n- name: Install yum-plugin-priorities\n ansible.builtin.package:\n name: yum-plugin-priorities\n state: present\n when:\n - ansible_distribution in [ 'CentOS', 'Rocky', 'AlmaLinux' ]\n - ansible_distribution_major_version | int < 8\n tags:\n - install\n - repository\n\n- name: Install policycoreutils-python-utils to manage an SELinux environment.\n ansible.builtin.package:\n name: policycoreutils-python-utils\n state: present\n when:\n - ansible_distribution in [ 'RedHat', 'CentOS', 'Rocky', 'AlmaLinux', 'OracleLinux' ]\n - ansible_distribution_major_version | int >= 8\n tags:\n - install\n - repository\n\n- name: Add the PowerDNS YUM Repository\n ansible.builtin.yum_repository:\n name: \"{{ pdns_install_repo['name'] }}\"\n file: \"{{ pdns_install_repo['name'] }}\"\n description: PowerDNS Authoritative Server\n baseurl: \"{{ pdns_install_repo['yum_repo_baseurl'] }}\"\n gpgkey: \"{{ pdns_install_repo['gpg_key'] }}\"\n gpgcheck: true\n priority: \"90\"\n state: present\n tags:\n - install\n - repository\n\n- name: Add the PowerDNS debug symbols YUM Repository\n ansible.builtin.yum_repository:\n name: \"{{ pdns_install_repo['name'] }}-debuginfo\"\n file: \"{{ pdns_install_repo['name'] }}\"\n description: PowerDNS Authoritative Server - debug symbols\n baseurl: \"{{ pdns_install_repo['yum_debug_symbols_repo_baseurl'] }}\"\n gpgkey: \"{{ pdns_install_repo['gpg_key'] }}\"\n gpgcheck: true\n priority: \"90\"\n state: present\n when: pdns_install_debug_symbols_package\n tags:\n - install\n - repository\n"
},
{
"path": "tasks/selinux.yml",
"content": "---\n\n- name: Allow mysql connect from pdns in selinux\n ansible.posix.seboolean:\n name: pdns_can_network_connect_db\n state: true\n persistent: true\n when: >-\n (pdns_backends | dict2items\n | selectattr('key', 'search', '^g(mysql|pgsql)(:.*)?$')\n | list\n | length) > 0\n tags:\n - config\n\n- name: Allow pdns to bind to udp high ports\n community.general.seport:\n ports: 10000-20000\n proto: udp\n setype: dns_port_t\n state: present\n tags:\n - config\n"
},
{
"path": "templates/override-service.systemd.conf.j2",
"content": "[Service]\n{% for k, v in pdns_service_overrides.items() %}\n{% if k == 'ExecStart' %}ExecStart=\n{% elif k == 'ExecStartPre' %}ExecStartPre=\n{% endif %}\n{{ k }}={{ v }}\n{% endfor %}\n"
},
{
"path": "templates/pdns.conf.j2",
"content": "config-dir={{ pdns_config_dir }}\nsetuid={{ pdns_user }}\nsetgid={{ pdns_group }}\n{% for config_item, value in pdns_config.items() | sort() %}\n{% if config_item not in [\"config-dir\", \"launch\", \"setuid\", \"setgid\"] %}\n{% if value is sameas True %}\n{{ config_item }}=yes\n{% elif value is sameas False %}\n{{ config_item }}=no\n{% elif value == None %}\n{{ config_item }}=\n{% elif value is string %}\n{{ config_item }}={{ value | string }}\n{% elif value is sequence %}\n{{ config_item }}={{ value | join(',') }}\n{% else %}\n{{ config_item }}={{ value | string }}\n{% endif %}\n{% endif %}\n{% endfor %}\n\nlaunch=\n\n{% for backend in pdns_backends | sort() -%}\nlaunch+={{ backend }}\n{% set backend_string = backend | replace(':', '-') %}\n{% for backend_item, value in pdns_backends[backend].items() | sort() -%}\n{% if value is sameas True %}\n{{ backend_string }}-{{ backend_item }}=yes\n{% elif value is sameas False %}\n{{ backend_string }}-{{ backend_item }}=no\n{% elif value == None %}\n{{ backend_string }}-{{ backend_item }}=\n{% else %}\n{{ backend_string }}-{{ backend_item }}={{ value | string }}\n{% endif %}\n{% endfor %}\n\n{% endfor -%}\n\n"
},
{
"path": "templates/pdns.pin.j2",
"content": "Package: pdns-*\nPin: origin {{ pdns_install_repo['apt_repo_origin'] }}\nPin-Priority: 600\n"
},
{
"path": "test-requirements.txt",
"content": "ansible-lint==24.12.2\nansible-compat==24.10.0\nyamllint==1.38.0\nmolecule-plugins[docker]==23.6.0\nmolecule-plugins[lint]==23.6.0\nmolecule==24.9.0\npytest-testinfra==10.1.1\ndocker==7.1.0\n"
},
{
"path": "tox.ini",
"content": "[tox]\nminversion = 1.8\nenvlist = ansible{215,216}\nskipsdist = true\n\n[gh-actions:env]\nANSIBLE=\n 2.15: ansible215\n 2.16: ansible216\n\n[testenv]\npassenv = *\ndeps =\n -rtest-requirements.txt\n ansible215: ansible-core>2.15,<2.16\n ansible216: ansible-core>2.16,<2.17\nsetenv =\n PY_COLORS = 1\ncommands =\n {posargs:molecule test --all --destroy always}\n"
},
{
"path": "vars/Archlinux.yml",
"content": "---\n\n# The name of the PowerDNS package\ndefault_pdns_package_name: \"powerdns\"\n\n# List of PowerDNS Backends packages. Arch ships all backends in the main package\ndefault_pdns_backends_packages: {}\n\n# The directory where the PowerDNS configuration is located\ndefault_pdns_config_dir: '/etc/powerdns'\n\n# Use MariaDB client for MySQL/MariaDB schema checks/import\ndefault_pdns_backends_mysql_cmd: \"mariadb\"\n\n# Additional MariaDB CLI arguments used for schema checks/import\ndefault_pdns_mysql_cli_extra_args: \"--skip-ssl-verify-server-cert\"\n\n# Packages to install for MySQL support\ndefault_pdns_mysql_packages:\n - python-pymysql\n - python-cryptography\n - mariadb-clients\n\n# Packages to install for PostgreSQL support\ndefault_pdns_pgsql_packages:\n - python-psycopg2\n - postgresql\n\n# Other defaults\npdns_user: powerdns\npdns_group: powerdns\n"
},
{
"path": "vars/Debian.yml",
"content": "---\n\n# The name of the PowerDNS Authoritative Server package\ndefault_pdns_package_name: \"pdns-server\"\n\n# The name of the PowerDNS Authoritative Server debug package\ndefault_pdns_debug_symbols_package_name: \"pdns-server-dbg\"\n\n# Packages needed to install MySQL\ndefault_pdns_mysql_packages:\n - default-mysql-client\n - python3-mysqldb\n - python3-cryptography\n\n# The command used for MySQL/MariaDB schema checks/import\ndefault_pdns_backends_mysql_cmd: \"mariadb\"\ndefault_pdns_mysql_cli_extra_args: \"\"\n\n# Packages needed to install PostgreSQL\ndefault_pdns_pgsql_packages:\n - postgresql-client\n - python3-psycopg2\n\n# List of PowerDNS Authoritative Server Backends packages on Debian\ndefault_pdns_backends_packages:\n geo: pdns-backend-geo\n geoip: pdns-backend-geoip\n gmysql: pdns-backend-mysql\n gpgsql: pdns-backend-pgsql\n gsqlite3: pdns-backend-sqlite3\n ldap: pdns-backend-ldap\n lmdb: pdns-backend-lmdb\n lua: pdns-backend-lua\n mydns: pdns-backend-mydns\n pipe: pdns-backend-pipe\n remote: pdns-backend-remote\n tinydns: pdns-backend-tinydns\n\n# The directory where the PowerDNS Authoritative Server configuration is located\ndefault_pdns_config_dir: \"/etc/powerdns\"\n"
},
{
"path": "vars/RedHat.yml",
"content": "---\n\n# The name of the PowerDNS Authoritative Server package\ndefault_pdns_package_name: \"pdns\"\n\n# Packages needed to install MySQL\ndefault_pdns_mysql_packages:\n - mariadb\n - mariadb-server\n - mariadb-connector-c\n - python3-PyMySQL\n - python3-cryptography\n - perl-DBD-MySQL\n\n# The command used for MySQL/MariaDB schema checks/import\ndefault_pdns_backends_mysql_cmd: \"mariadb\"\n\n# Additional MariaDB CLI arguments used for schema checks/import\ndefault_pdns_mysql_cli_extra_args: \"\"\n\n# Packages needed to install PostgreSQL\ndefault_pdns_pgsql_packages:\n - postgresql\n - python3-psycopg2\n\n# The name of the PowerDNS Authoritative Server debug package\ndefault_pdns_debug_symbols_package_name: \"pdns-debuginfo\"\n\n# List of PowerDNS Authoritative Server backends packages on RedHat\ndefault_pdns_backends_packages:\n geo: pdns-backend-geo\n geoip: pdns-backend-geoip\n gmysql: pdns-backend-mysql\n gpgsql: pdns-backend-postgresql\n gsqlite3: pdns-backend-sqlite\n ldap: pdns-backend-ldap\n lmdb: pdns-backend-lmdb\n lua: pdns-backend-lua\n mydns: pdns-backend-mydns\n pipe: pdns-backend-pipe\n remote: pdns-backend-remote\n tinydns: pdns-backend-tinydns\n\n# The directory where the PowerDNS Authoritative Server configuration is located\ndefault_pdns_config_dir: \"/etc/pdns\"\n"
},
{
"path": "vars/Ubuntu-20.yml",
"content": "---\n\n# Ubuntu 20 uses PyMySQL for Ansible MySQL modules.\ndefault_pdns_mysql_packages:\n - default-mysql-client\n - python3-pymysql\n - python3-cryptography\n"
},
{
"path": "vars/main.yml",
"content": "---\n\npdns_apt_repo_arch_map:\n x86_64: amd64\n amd64: amd64\n aarch64: arm64\n arm64: arm64\n\npdns_apt_repo_arch: >-\n {{ pdns_apt_repo_arch_map.get((ansible_architecture | default('amd64')) | lower,\n (ansible_architecture | default('amd64')) | lower) }}\n\npdns_auth_powerdns_repo_master:\n apt_repo_origin: \"repo.powerdns.com\"\n apt_version: \"auth-master\"\n apt_repo: >-\n deb [arch={{ pdns_apt_repo_arch }}] http://repo.powerdns.com/{{ ansible_distribution | lower }}\n {{ ansible_distribution_release | lower }}-auth-master main\n gpg_key: \"http://repo.powerdns.com/CBC8B383-pub.asc\"\n gpg_key_id: \"D47975F8DAE32700A563E64FFF389421CBC8B383\"\n yum_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-master\"\n yum_debug_symbols_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug\"\n name: \"powerdns-auth-master\"\n\npdns_auth_powerdns_repo_48:\n apt_repo_origin: \"repo.powerdns.com\"\n apt_version: \"auth-48\"\n apt_repo: >-\n deb [arch={{ pdns_apt_repo_arch }}] http://repo.powerdns.com/{{ ansible_distribution | lower }}\n {{ ansible_distribution_release | lower }}-auth-48 main\n gpg_key: \"http://repo.powerdns.com/FD380FBB-pub.asc\"\n gpg_key_id: \"9FAAA5577E8FCF62093D036C1B0C6205FD380FBB\"\n yum_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-48\"\n yum_debug_symbols_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-48/debug\"\n name: \"powerdns-auth-48\"\n\npdns_auth_powerdns_repo_49:\n apt_repo_origin: \"repo.powerdns.com\"\n apt_version: \"auth-49\"\n apt_repo: >-\n deb [arch={{ pdns_apt_repo_arch }}] http://repo.powerdns.com/{{ ansible_distribution | lower }}\n {{ ansible_distribution_release | lower }}-auth-49 main\n gpg_key: \"http://repo.powerdns.com/FD380FBB-pub.asc\"\n gpg_key_id: \"9FAAA5577E8FCF62093D036C1B0C6205FD380FBB\"\n yum_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-49\"\n yum_debug_symbols_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-49/debug\"\n name: \"powerdns-auth-49\"\n\npdns_auth_powerdns_repo_50:\n apt_repo_origin: \"repo.powerdns.com\"\n apt_version: \"auth-50\"\n apt_repo: >-\n deb [arch={{ pdns_apt_repo_arch }}] http://repo.powerdns.com/{{ ansible_distribution | lower }}\n {{ ansible_distribution_release | lower }}-auth-50 main\n gpg_key: \"http://repo.powerdns.com/FD380FBB-pub.asc\"\n gpg_key_id: \"9FAAA5577E8FCF62093D036C1B0C6205FD380FBB\"\n yum_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-50\"\n yum_debug_symbols_repo_baseurl: \"http://repo.powerdns.com/centos/$basearch/$releasever/auth-50/debug\"\n name: \"powerdns-auth-50\"\n\ndefault_pdns_service_overrides:\n User: \"{{ pdns_user }}\"\n Group: \"{{ pdns_group }}\"\n"
}
]