powerdns / pdns_recursor-ansible Goto Github PK

View Code? Open in Web Editor NEW

39.0 12.0 47.0 255 KB

PowerDNS Recursor Ansible role

License: MIT License

Python 57.66% Jinja 42.34%

hacktoberfest

pdns_recursor-ansible's People

Stargazers

Watchers

pdns_recursor-ansible's Issues

issues using role on Ubuntu 20 instance

good day,

Target host running Ubuntu 20.04, with Ansible control node running 2.10.

ran into two distinct issues -- first an error if Recursor 4.2 is running (which admittedly i'm not clear how that got there) -- the Ansible error is as follows:

TASK [powerdns.pdns_recursor : Override the PowerDNS Recursor unit (systemd)] ***********************************************************************
fatal: [pdns-test]: FAILED! => {"changed": false, "msg": "AnsibleError: An unhandled exception occurred while templating '{{ default_pdns_rec_service_overrides }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{  { 'User'  : pdns_rec_user\n    , 'Group' : pdns_rec_group\n    } if _pdns_rec_version is version('4.3', operator='ge')\n      else {}\n}}'. Error was a <class 'ansible.errors.AnsibleFilterError'>, original message: Version comparison: 'LooseVersion' object has no attribute 'version'"}

I believe this is due to the fact _pdns_rec_version set is matching regex improperly with the version output below -- it seems to be looking for the first line, and at least somehow on this system the first line was not the version itself:

ubuntu@pdns-test:~$ pdns_recursor --version
Oct 31 19:53:55 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1
Oct 31 19:53:55 PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV
Oct 31 19:53:55 Using 64-bits mode. Built using gcc 9.2.1 20200202.
Oct 31 19:53:55 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
...cut for brevity...

I was able to resolve the above by uninstalling the older version and re-running the playbook. then I ran into second issue -- below ansible task failure:

TASK [powerdns.pdns_recursor : Restart PowerDNS Recursor] *******************************************************************************************
[WARNING]: Ignoring "sleep" as it is not used in "systemd"
fatal: [pdns-test]: FAILED! => {"changed": false, "msg": "Unable to restart service pdns-recursor: Job for pdns-recursor.service failed because the control process exited with error code.\nSee \"systemctl status pdns-recursor.service\" and \"journalctl -xe\" for details.\n"}

In chasing the issue, it was due to Ubuntu 20 systemd-resolve already listening on port 53, and I had to kill that before the playbook would succeed beginning to end with command sudo systemctl disable --now systemd-resolved

Thanks,

Will

recursor.conf.j2 template converts threads to 'yes' if set to '1'

when setting the threads variable to use ansible facts to detect the appropriate number of threads for pdns to use, the recursor.conf.j2 template will replace '1' with 'yes' if the system only has 1 vcpu. This does not occur with 2+ vcpus.

threads should be a special case and called out in the template before the rest of the true/false boolean conversions to avoid this issue. I will submit a pull request that includes an example way of fixing this issue.

Replacement of include with include_tasks is not released

On 2024-01-15 PR #152 which is replacing include with include_task as Ansible deprecated include was merged. On the same day release 1.7.0 was created. Unfortunately PR #152 didn't make it to 1.7.0.

Would it be possible to make another release which includes that fix?

Bug?: No package matching pdns-recursor-4.0.6-1 is available

Hello,

The remote machine I'm connecting to is Ubuntu 17.10 and it's default is python 3. I've had good luck with PDNS Auth server ansible code when setting this in my ansible hosts file:

[dns]
10.1.0.10

[dns:vars]
ansible_python_interpreter=/usr/bin/python3

However when using the pdns-recursor ansible code I get the message: No package matching pdns-recursor-4.0.6-1 is available

The full trace from an ansible-playbook with -vvv is:

The full traceback is:
File "/tmp/ansible_w39r5a9e/ansible_module_apt.py", line 333, in package_status
pkg = cache[pkgname]
File "/usr/lib/python3/dist-packages/apt/cache.py", line 200, in __getitem__
raise KeyError('The cache has no package named %r' % key)

fatal: [10.1.0.10]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false, 
            "autoclean": false, 
            "autoremove": false, 
            "cache_valid_time": 0, 
            "deb": null, 
            "default_release": null, 
            "dpkg_options": "force-confdef,force-confold", 
            "force": false, 
            "force_apt_get": false, 
            "install_recommends": null, 
            "name": "pdns-recursor-4.0.6-1\n", 
            "only_upgrade": false, 
            "package": [
                "pdns-recursor-4.0.6-1\n"
            ], 
            "purge": false, 
            "state": "present", 
            "update_cache": null, 
            "upgrade": null
        }
    }, 
    "msg": "No package matching 'pdns-recursor-4.0.6-1\n' is available"
}

I'm also attaching the fill output of the verbose run

It looks like the version is getting concat to the package name, however I'm not a python guru:

root@host:/etc/powerdns# apt search pdns-recursor
Sorting... Done
Full Text Search... Done
pdns-recursor/artful,now 4.0.6-1 amd64 [installed]
PowerDNS Recursor

pdns_recursor_ansible_error.txt

Edit: Updated formatting for readability

"Set pdns version" broken

TASK [PowerDNS.pdns_recursor : Set pdns version] *************************************************************************************
Saturday 19 June 2021  09:55:53 -0400 (0:00:00.122)       0:00:07.780 ********* 
ok: [thinkpad] => changed=false 
  ansible_facts:
    _pdns_rec_version: ''

TASK [PowerDNS.pdns_recursor : Override the PowerDNS Recursor unit (systemd)] ********************************************************
Saturday 19 June 2021  09:55:54 -0400 (0:00:00.518)       0:00:08.390 ********* 
fatal: [thinkpad]: FAILED! => changed=false 
  msg: |-
    AnsibleError: An unhandled exception occurred while templating '{{ default_pdns_rec_service_overrides }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{  { 'User'  : pdns_rec_user
        , 'Group' : pdns_rec_group
        } if _pdns_rec_version is version('4.3', operator='ge')
          else {}
    }}'. Error was a <class 'ansible.errors.AnsibleFilterError'>, original message: Version comparison: 'LooseVersion' object has no attribute 'version'

The reason this is happening is because the following play is looking at the first line of stderr:

TASK [PowerDNS.pdns_recursor : debug] ************************************************************************************************
Saturday 19 June 2021  09:55:53 -0400 (0:00:00.579)       0:00:07.658 ********* 
ok: [thinkpad] => 
  pdns_rec_ver_output:
    changed: false
    cmd:
    - pdns_recursor
    - --version
    delta: '0:00:00.009424'
    end: '2021-06-19 09:55:53.444081'
    failed: false
    rc: 0
    start: '2021-06-19 09:55:53.434657'
    stderr: |-
      Jun 19 09:55:53 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1
      Jun 19 09:55:53 PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV
...

...which apparently isn't guaranteed to contain the version.

Let me know if you need any more details (target OS is Ubuntu Focal, local Ansible is 2.10.x).

[documentation] requirements.yml/install this role

I want to install this role using ansible-galaxy, I added it as source to requirements.yml:

- src: https://github.com/PowerDNS/pdns_recursor-ansible
  name: PowerDNS.pdns_recursor

And install it using ansible-galaxy install -r requirements.yml.

The role files seem to be placed indeed into a folder in vendor/roles/ - but ansible-galaxy fails before it can install the sub-dependency atosatto.packages-extras:

- extracting PowerDNS.pdns_recursor to [...]/project/vendor/roles/PowerDNS.pdns_recursor
 [WARNING]: - PowerDNS.pdns_recursor was NOT installed successfully: Could not update files in [...]/project/vendor/roles/PowerDNS.pdns_recursor: [Errno 95] Operation not supported

Is it required to specify the sub-dependency atosatto.packages-extras next
to PowerDNS.pdns_recursor, too?

pdns recursor configuration no longer created

It looks like commit 97f5f17 doesn't include configuration.yml and discards pdns_rec_config

No package found during first installation

Running the playbook on a fresh aws ec2 instance fails with the following error:

TASK: [pdns_recursor-ansible | Install the PowerDNS Recursor package] ********* failed: [*.co.nz] => {"failed": true} msg: No package matching 'pdns-recursor' is available

This is fixed by running apt-get update on the instance or by changing the apt line in install.packages-debian.yml from
apt: name=pdns-recursor state=present
to
apt: name=pdns-recursor state=present update_cache=yes

recursor won't start if forward-zone is set

Hi,

i'm not sure if this is the right repo because i don't know what ansible means (either google translate).
i can't get the logging to work probably, i'm on 4.0.0~alpha1-1pdns.trusty
if i use the standard config, and change the allow-from, listen and forward-zone powerdns recursor wont start.
if i put the forward options into the forward-zone-file, the recursor will die if i try to resolv a host in that zone.

is there anything i can provide?

regards

celevra

Unable to set supplementary groups: Operation not permitted

hello
I've just installed pdns and now pdns_recursor but when i lunch it with default playbook option i always get

Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Inserting rfc 1918 private space zones
Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Listening for UDP queries on 127.0.0.1:5301
Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Enabled TCP data-ready filter for (slight) DoS protection
Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Listening for TCP queries on 127.0.0.1:5301
Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Set effective group id to 113
Jun  5 08:10:20 dnstest-01.prod.kosc.net pdns_recursor[117644]: Unable to set supplementary groups: Operation not permitted
Jun  5 08:10:20 dnstest-01.prod.kosc.net systemd[1]: pdns-recursor.service: Main process exited, code=exited, status=1/FAILURE
Jun  5 08:10:20 dnstest-01.prod.kosc.net systemd[1]: pdns-recursor.service: Failed with result 'exit-code'.
Jun  5 08:10:20 dnstest-01.prod.kosc.net systemd[1]: Failed to start PowerDNS Recursor

if i run the execstart without systemd it works

Listening for UDP queries on 127.0.0.1:5301
Enabled TCP data-ready filter for (slight) DoS protection
Listening for TCP queries on 127.0.0.1:5301
Raised soft limit on number of filedescriptors to 4121 to match max-mthreads and threads settings
Set effective group id to 113
Set effective user id to 108
Launching 3 threads
Done priming cache with root hints
Done priming cache with root hints

Didnt find how to make it works, please help :)
(running on debian 10)
Thanks in advance

pdns-rec won't start with changes from PR#56

Hi,
we use your ansible playbooks and after the last run our pdns-recursor daemons didn't start again.
We are using version 4.2.x and the Problem is the systemd override introduced in PR #56

We have workaround the problem and have set our own pdns_rec_service_overrides variable.
But I think the current default breaks all versions < 4.3.

Readme.md gives wrong service name

The readme.md gives the service name to be "pdns_rescursor-recursor", while in defaults/main.yaml it's "pdns-recursor"

install-Linux.yml Set pdns version failing

The task Override the PowerDNS Recursor unit (systemd) fails when running the role with pdns_rec_install_repo: "{{ pdns_rec_powerdns_repo_43 }}" or pdns_rec_install_repo: "{{ pdns_rec_powerdns_repo_master }}" on Debian Buster because the task Set pdns version fails to set the fact:

TASK [powerdns-recursor : Override the PowerDNS Recursor unit (systemd)] **************************************************************
fatal: [pdns-recursor-001]: FAILED! => {"changed": false, "msg": "AnsibleError: An unhandled exception occurred while templating '{{ default_pdns_rec_service_overrides }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{  { 'User'  : pdns_rec_user\n    , 'Group' : pdns_rec_group\n    } if _pdns_rec_version is version('4.3', operator='ge')\n      else {}\n}}'. Error was a <class 'ansible.errors.AnsibleFilterError'>, original message: Version comparison: 'LooseVersion' object has no attribute 'version'"}

pdns_rec_ver_output.stderr_lines[0] is Oct 01 09:13:27 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1, but Oct 01 09:13:27 PowerDNS Recursor 4.3.4 (C) 2001-2020 PowerDNS.COM BV was expected.

Replacing https://github.com/PowerDNS/pdns_recursor-ansible/blob/master/tasks/install-Linux.yml#L41 to {{ pdns_rec_ver_output.stderr_lines[1] fixes the issue.

[DEPRECATED]: ansible.builtin.include has been removed

This role's main.yml file uses ansible.builtin.include statements, which have been deprecated and removed in version 2.16. Trying this with a recent ansible version yields

ERROR! [DEPRECATED]: ansible.builtin.include has been removed. Use include_tasks or import_tasks instead. This feature was removed from ansible-core in a release after 2023-05-16. Please update your playbooks.

Simply replacing include with include_tasks works perfectly fine.

EOL Distros Referenced in `meta/main.yml` and `molecule.yml`

meta/main.yml and molecule/*/molecule.yml still reference distributions that are end-of-life and for which we also do not provide packages anymore in our open source repositories: https://repo.powerdns.com/

Ubuntu Bionic
FreeBSD 11
FreeBSD 12 (EOL 2023-12-31)

Unable to find 'Debian.yml' in expected paths

Hi,

Debian.yml is absent from your tasks directory

TASK [pdns_recursor-ansible : Include OS-specific variables] *******************
task path: /etc/ansible/roles/pdns_recursor-ansible/tasks/main.yml:3
fatal: [host-02]: FAILED! => {
    "ansible_facts": {}, 
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "_raw_params": "Debian.yml"
        }, 
        "module_name": "include_vars"
    }, 
    "message": "Unable to find 'Debian.yml' in expected paths."
}
        to retry, use: --limit @/home/ubuntu/ansible/play/ex-pdns-recursor.retry

I had to comment those two lines in the main.yml task file :

#- name: Include OS-specific variables
#  include_vars: "{{ ansible_os_family }}.yml"

My mistake ?
Cheers

distinguish separate add key steps

- name: Add the PowerDNS repository key
  apt_key: url=http://repo.powerdns.com/CBC8B383-pub.asc id=D47975F8DAE32700A563E64FFF389421CBC8B383
  when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch == "master"

- name: Add the PowerDNS repository key
  apt_key: url=http://repo.powerdns.com/FD380FBB-pub.asc id=9FAAA5577E8FCF62093D036C1B0C6205FD380FBB
  when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch in ["40"]

Seeing 'skipped' for one of these is a bit confusing because they have the same name. Also applies to auth I expect.

should deploy config before installing package

I have both auth and recursor running on a machine, and the plan is to give them non-conflicting IP bindings. However, the recursor is installed (via apt-get in this case) before deploying the config, which means apt-get fails because the recursor is unable to bind to 127.0.0.1. If we deploy the config first I feel we could avoid some painful situations.

A similar consideration most likely applies to the auth role.

40 branch

Basically the ame as in PowerDNS/pdns-ansible#20

Installing from 40 branch on CentOS

  roles:
   - role: pdns_recursor-ansible
  vars:
    pdns_rec_installation_type: 'packages'
    pdns_rec_repo_provider: 'powerdns'
    pdns_rec_repo_branch: '40'
    pdns_rec_config:
      'allow-from': 'xxx.xxx.xxx.xxx'
      'local-address': '{{ ansible_eth0.ipv4.address }}:5300'

i ran into the following issue:

The packages use /etc/pdns-recursor as config dir, but the role defaults to /etc/powerdns

cannot do Raspbian installation

because we host raspbian separately at http://repo.powerdns.com/raspbian/dists/jessie-rec-master/InRelease while ansible_distribution | lower is still debian on raspbian.

Unable to install latest version from ansible-galaxy

Looks like ansible galaxy has two repos of powerdns recursor role (PowerDNS.PowerDNS.pdns_recursor and PowerDNS.pdns_recursor) but the one with the latest version (PowerDNS.PowerDNS.pdns_recursor) seems to not be installable:

computer:ansible user$ ansible-galaxy role install PowerDNS.PowerDNS.pdns_recursor
Starting galaxy role install process
- downloading role 'pdns_recursor', owned by PowerDNS.PowerDNS
[WARNING]: - PowerDNS.PowerDNS.pdns_recursor was NOT installed successfully: - sorry, PowerDNS.PowerDNS.pdns_recursor was not found on https://galaxy.ansible.com/api/.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Role fails to run in check mode

Hi!

I tried to run this role in check mode and got an error:

TASK [pdns_recursor-ansible : Set pdns version] ********************************************************************************************************************************************************************
fatal: [***]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'\n\nThe error appears to be in './roles/pdns_recursor-ansible/tasks/install-Linux.yml': line 40, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: Set pdns version\n      ^ here\n"}

This happens because task Obtain pdns version string doesn't run in check mode. So _pdns_rec_ver_output variable doesn't have a stdout key.

https://github.com/PowerDNS/pdns_recursor-ansible/blob/master/tasks/install-Linux.yml#L29
Fix is simple, just put check_mode: no in this task. Command doesn't change anything, so it is completely safe to run in even in check mode.

Support for 4.6 / 4.7 ?

Looks like 4.5 is the latest version this ansible role knows about? could do with updated vars for 4.6 and 4.7?

Allow from multiple networks generates invalid configuration file

Setting the allow_from as per the example (and the variable should be 'pdns_rec_config', not 'pdns_config' as in the example)

  vars:
    pdns_config:
      'allow-from':
        - '10.0.0.0/8'
        - '192.168.20.0/24'

generates the following config file -

allow-from=10.0.0.0/8
allow-from+=192.168.20.0/24

which is not accepted by the recursor:

NOTIFIED: [pdns_recursor-ansible | Restart PowerDNS Recursor] ***************** 
failed: [*.*.co.nz] => {"failed": true}
msg: Oct 12 00:50:47 Exception: Trying to set unexisting parameter 'allow-from+'

This line works - 'allow-from': '10.0.0.0/8, 192.168.20.0/24'

powerdns / pdns_recursor-ansible Goto Github PK

pdns_recursor-ansible's People

Stargazers

Watchers

Forkers

pdns_recursor-ansible's Issues

Recommend Projects

Recommend Topics

Recommend Org