freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipadnszone
Manage FreeIPA dnszone
Authors: Sergio Oliveira Campos (@seocam), Thomas Woerner (@t-woerner)
preview | supported by community
freeipa.ansible_freeipa.ipadnszone (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
---
# Collection requirement entry, e.g. for a requirements file passed to
# ansible-galaxy. The exact version pin keeps installs reproducible.
collections:
  - name: 'freeipa.ansible_freeipa'
    version: '1.11.1'
Manage FreeIPA dnszone
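---
# Ensure the zone is present (very minimal)
- freeipa.ansible_freeipa.ipadnszone:
    name: test.example.com

# Ensure the zone is present (all available arguments)
- freeipa.ansible_freeipa.ipadnszone:
    name: test.example.com
    # Take the admin password from an Ansible Vault-encrypted variable rather
    # than a clear-text literal in the playbook. The variable name below is a
    # constructed example; define it in your own vaulted vars file.
    ipaadmin_password: "{{ vault_ipaadmin_password }}"
    allow_sync_ptr: true
    # Dynamic updates let clients modify records in the zone. The module also
    # accepts update_policy (BIND update policy) to constrain who may do so.
    dynamic_update: true
    dnssec: true
    # Sample addresses. A zone transfer hands over every record in the zone,
    # so list only the hosts that need one (typically secondary name servers).
    allow_transfer:
      - 1.1.1.1
      - 2.2.2.2
    # Sample addresses. Limit to the networks that should resolve this zone.
    allow_query:
      - 1.1.1.1
      - 2.2.2.2
    forwarders:
      - ip_address: 8.8.8.8
      - ip_address: 8.8.4.4
        port: 52
    refresh: 3600
    retry: 900
    expire: 1209600
    minimum: 3600
    ttl: 60
    default_ttl: 90
    name_server: ipaserver.test.local.
    admin_email: admin.admin@example.com
    # Format: hash_algorithm flags iterations salt. Sample value only; RFC 9276
    # advises 0 iterations and an empty salt for new deployments, so review
    # current guidance before reusing these numbers.
    nsec3param_rec: "1 7 100 0123456789abcdef"
    # The two skip_* options force zone creation past the overlap check and
    # the name-server resolvability check. Leave them unset unless that
    # bypass is intended.
    skip_overlap_check: true
    skip_nameserver_check: true
    state: present

# Ensure zone is present and disabled
- freeipa.ansible_freeipa.ipadnszone:
    name: test.example.com
    state: disabled

# Ensure zone is present and enabled
- freeipa.ansible_freeipa.ipadnszone:
    name: test.example.com
    state: enabled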
# Parameter reference for the ipadnszone module as listed on this page:
# one mapping per parameter, giving its description, type, and any
# aliases, choices, default or suboptions.
ttl:
  description: Time to live for records at zone apex
  required: false
  type: int
# Typed as a list of strings, so more than one zone name can be passed.
name:
  aliases:
    - zone_name
  description: The zone name string.
  elements: str
  required: false
  type: list
retry:
  description: SOA record retry time
  required: false
  type: int
# Defaults to present when omitted.
state:
  choices:
    - present
    - absent
    - enabled
    - disabled
  default: present
  description: State to ensure
  type: str
dnssec:
  description: Allow inline DNSSEC signing of records in the zone
  required: false
  type: bool
expire:
  description: SOA record expire time
  required: false
  type: int
minimum:
  description: How long should negative responses be cached
  required: false
  type: int
refresh:
  description: SOA record refresh time
  required: false
  type: int
# Each list element is a dict; ip_address is mandatory, port is optional.
forwarders:
  description: The list of global DNS forwarders.
  elements: dict
  required: false
  suboptions:
    ip_address:
      description: The forwarder nameserver IP address list (IPv4 and IPv6).
      required: true
      type: str
    port:
      description: The port to forward requests to.
      required: false
      type: int
  type: list
admin_email:
  description: Administrator e-mail address
  required: false
  type: str
# NOTE(review): access-control list for queries; what applies when it is
# omitted is not stated here. Confirm against the server's defaults.
allow_query:
  description: List of IP addresses or networks which are allowed to issue queries
  elements: str
  required: false
  type: list
default_ttl:
  description: Time to live for records without explicit TTL definition
  required: false
  type: int
name_server:
  description: Authoritative nameserver domain name
  required: false
  type: str
name_from_ip:
  description: 'Derive zone name from reverse of IP (PTR). Can only be used with `state: present`. '
  required: false
  type: str
# Free-form string; the accepted policy syntax is not described here.
update_policy:
  description: BIND update policy
  required: false
  type: str
allow_sync_ptr:
  description: Allow synchronization of forward (A, AAAA) and reverse (PTR) records.
  required: false
  type: bool
# NOTE(review): access-control list for zone transfers; a transfer exposes
# the full zone contents, so keep this list as narrow as possible.
allow_transfer:
  description: List of IP addresses or networks which are allowed to transfer the zone
  elements: str
  required: false
  type: list
dynamic_update:
  aliases:
    - dynamicupdate
  description: Allow dynamic updates
  required: false
  type: bool
# Here "none" is a plain string choice, not a YAML null.
forward_policy:
  choices:
    - only
    - first
    - none
  description: Global forwarding policy. Set to "none" to disable any configured global forwarders.
  required: false
  type: str
ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. '
  required: false
  type: str
# Single string holding four space-separated fields, in the order given in
# the description.
nsec3param_rec:
  description: "NSEC3PARAM record for zone in format: hash_algorithm flags iterations\n\
    \ salt.\n"
  required: false
  type: str
# NOTE(review): credential parameter. Pass it from an encrypted source such
# as Ansible Vault, not as a literal in a playbook.
ipaadmin_password:
  description: The admin password.
  required: false
  type: str
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.
  type: str
# The two skip_* options below each force zone creation past a check that
# would otherwise stop it.
skip_overlap_check:
  description: 'Force DNS zone creation even if it will overlap with an existing zone '
  required: false
  type: bool
skip_nameserver_check:
  description: Force DNS zone creation even if nameserver is not resolvable
  required: false
  type: bool
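# Return value reference: the module returns a dnszone dict containing the
# zone name, under the condition given in the outer returned field.
dnszone:
  contains:
    name:
      description: The name of the zone created, inferred from `name_from_ip`.
      returned: always
      type: str
  description: DNS Zone dict with zone name inferred from `name_from_ip`.
  returned: If `state` is `present`, `name_from_ip` is used, and a zone was created.
  type: dict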