freeipa.ansible_freeipa.ipadnszone (1.11.1) — module

Manage FreeIPA dnszone

Authors: Sergio Oliveira Campos (@seocam), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Exact version pin, matching the release this page documents.
  collections:
    - name: 'freeipa.ansible_freeipa'
      version: '1.11.1'

Description

Manage FreeIPA dnszone

Usage examples

---
# Minimal task: make sure the zone exists (state defaults to present)
- freeipa.ansible_freeipa.ipadnszone:
    name: 'test.example.com'
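# Ensure the zone is present (all available arguments)
- freeipa.ansible_freeipa.ipadnszone:
    name: test.example.com
    # Do not keep the admin password in the playbook itself; supply it from
    # an Ansible Vault-encrypted variable or another secret store.
    ipaadmin_password: "{{ ipaadmin_password }}"
    allow_sync_ptr: true
    # Dynamic updates let clients modify records in the zone; review the
    # update_policy option to constrain what may be updated.
    dynamic_update: true
    dnssec: true
    # Sample addresses. A zone transfer hands over every record in the zone,
    # so list only the hosts that need it (typically secondary servers).
    allow_transfer:
      - 1.1.1.1
      - 2.2.2.2
    # Sample addresses. Only these hosts or networks may query the zone.
    allow_query:
      - 1.1.1.1
      - 2.2.2.2
    forwarders:
      - ip_address: 8.8.8.8
      - ip_address: 8.8.4.4
        port: 52
    refresh: 3600
    retry: 900
    expire: 1209600
    minimum: 3600
    ttl: 60
    default_ttl: 90
    name_server: ipaserver.test.local.
    admin_email: admin.admin@example.com
    # Sample NSEC3 parameters (hash_algorithm flags iterations salt).
    # RFC 9276 recommends 0 iterations and an empty salt for new zones.
    nsec3param_rec: "1 7 100 0123456789abcdef"
    # Both skip_* options force zone creation past a safety check (zone
    # overlap, nameserver resolvability); enable them only when the failing
    # check is understood and expected.
    skip_overlap_check: true
    skip_nameserver_check: true
    state: present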
# The zone must exist and be in the disabled state
- freeipa.ansible_freeipa.ipadnszone:
    state: 'disabled'
    name: 'test.example.com'
# The zone must exist and be in the enabled state
- freeipa.ansible_freeipa.ipadnszone:
    state: 'enabled'
    name: 'test.example.com'

Inputs

    
ttl:
    description: Time to live for records at zone apex
    required: false
    type: int

name:
    aliases:
    - zone_name
    description: The zone name string.
    elements: str
    required: false
    type: list

retry:
    description: SOA record retry time
    required: false
    type: int

state:
    choices:
    - present
    - absent
    - enabled
    - disabled
    default: present
    description: State to ensure
    type: str

dnssec:
    description: Allow inline DNSSEC signing of records in the zone
    required: false
    type: bool

expire:
    description: SOA record expire time
    required: false
    type: int

minimum:
    description: How long should negative responses be cached
    required: false
    type: int

refresh:
    description: SOA record refresh time
    required: false
    type: int

forwarders:
    description: The list of global DNS forwarders.
    elements: dict
    required: false
    suboptions:
      ip_address:
        description: The forwarder nameserver IP address list (IPv4 and IPv6).
        required: true
        type: str
      port:
        description: The port to forward requests to.
        required: false
        type: int
    type: list

admin_email:
    description: Administrator e-mail address
    required: false
    type: str

allow_query:
    description: List of IP addresses or networks which are allowed to issue queries
    elements: str
    required: false
    type: list

default_ttl:
    description: Time to live for records without explicit TTL definition
    required: false
    type: int

name_server:
    description: Authoritative nameserver domain name
    required: false
    type: str

name_from_ip:
    description: 'Derive zone name from reverse of IP (PTR).

      Can only be used with `state: present`.

      '
    required: false
    type: str

update_policy:
    description: BIND update policy
    required: false
    type: str

allow_sync_ptr:
    description: Allow synchronization of forward (A, AAAA) and reverse (PTR) records.
    required: false
    type: bool

allow_transfer:
    description: List of IP addresses or networks which are allowed to transfer the zone
    elements: str
    required: false
    type: list

dynamic_update:
    aliases:
    - dynamicupdate
    description: Allow dynamic updates
    required: false
    type: bool

forward_policy:
    choices:
    - only
    - first
    - none
    description: Global forwarding policy. Set to "none" to disable any configured global
      forwarders.
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided, the context will be

      determined by the execution environment.

      '
    required: false
    type: str

nsec3param_rec:
    description: "NSEC3PARAM record for zone in format: hash_algorithm flags iterations\n\
      \ salt.\n"
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

skip_overlap_check:
    description: 'Force DNS zone creation even if it will overlap with an existing zone

      '
    required: false
    type: bool

skip_nameserver_check:
    description: Force DNS zone creation even if nameserver is not resolvable
    required: false
    type: bool

Outputs

dnszone:
  contains:
    name:
      description: The name of the zone created, inferred from `name_from_ip`.
      returned: always
      type: str
  description: DNS Zone dict with zone name inferred from `name_from_ip`.
  returned: If `state` is `present`, `name_from_ip` is used, and a zone was created.
  type: dict