initial version for Debian 10 with nodejs and flask installation

README.md

@@ -1,2 +1,90 @@
-Ansible role to install PowerDNS-Admin
-https://github.com/ngoduykhanh/PowerDNS-Admin
+ansible-role-pdns_admin
+=======================
+
+Ansible role to install PowerDNS-Admin, a python-based webfrontend for PowerDNS.
+
+Tested on Debian 10, 11 only!
+
+Requirements
+------------
+
+None at the moment.
+
+Description
+-----------
+
+There are two ways to install pdns-Admin - either natively (using git, yarn, etc.) or using docker.
+
+The necessary variables differ - choose the table that fits your requirements
+
+Role Variables
+--------------
+
+### Common variables
+
+| Variable | Default | Comments (type) |
+| --- | --- | --- |
+| pdns_admin__install_mode | 'docker' | Either 'docker' or 'native'. Describes the install mode. |
+| pdns_admin__listen_port | 9393 | The port pdns-admin should listen on. On docker, this is the port on the host that is forwarded to the container |
+| pdns_admin__listen_ip | 127.0.0.1 | The port pdns-admin should listen on. On docker, this is the IP of the host that will forwarded to the container |
+| pdns_admin__database_config | empty | The database config for pdns-admin (details below) **mandatory** |
+| pdns_admin__database_credentials | empty | The credentials used to log in to the mysql host (for user & DB creation; details below) **mandatory** |
+
+### Docker variables
+
+| Variable | Default | Comments (type) |
+| --- | --- | --- |
+| pdns_admin__docker_packages | distro specific | A list of packages needed for docker |
+| pdns_admin__docker_compose_dir | '/opt/docker-compose/pdns-admin' | The docker-compose dir where the config is stored |
+| pdns_admin__image_name | 'ngoduykhanh/powerdns-admin' | The image location to use |
+| pdns_admin__container_name | pdns-admin | The name for the docker container |
+
+### schema of pdns_admin__database_config
+
+| Key | Comments (type) |
+| --- | --- |
+| sqla_db_user | The database user for pdns-admin |
+| sqla_user_loginhost | The host / network from which the db accepts connection |
+| sqla_db_password | The password for the pdns-admin db user |
+| sqla_db_name | The name of the database for pdns-admin |
+
+### schema of pdns_admin__database_credentials
+
+| Key | Comments (type) |
+| --- | --- |
+| priv_user | The database user that has permission to create the pdns-admin database and user |
+| priv_password | The password to log the `priv_user` into the database server |
+| priv_host | The IP-address / hostname of the database server |
+
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+    - hosts: pdnsadmin_servers
+      roles:
+        - role: pdns_admin
+          vars:
+            pdns_admin__install_mode: docker
+            pdns_admin__database_config:
+              sqla_db_user: pdnsa
+              sqla_db_password: SupaSicretPasswurt
+              sqla_db_name: pdnsa
+            pdns_admin__database_credentials:
+              priv_user: root
+              priv_host: mydb-server.lan
+              priv_password: AnotherSecretPassword
+
+License
+-------
+
+GPL v3
+
+Author Information
+------------------
+
+Original implementation by Jascha Sticher (-1855)

defaults/main.yml

@@ -1,27 +1,38 @@
 ---
-pdns_admin_service_name: powerdns
-pdns_admin_git_repo_url: https://github.com/ngoduykhanh/PowerDNS-Admin.git
-pdns_admin_pip_packages:
-  - mysql-python
+# install mode
+pdns_admin__install_mode: docker
 
-pdns_admin_root_path: /var/www
-pdns_admin_path: "{{ pdns_admin_root_path }}/powerdns-admin"
-pdns_admin_requirements_path: "{{ pdns_admin_path }}/requirements.txt"
+# for native installations
+pdns_admin__service_name: powerdns-admin
+pdns_admin__git_repo_url: https://github.com/ngoduykhanh/PowerDNS-Admin.git
+pdns_admin__pip_packages: ~
+pdns_admin__root_path: /var/www
+pdns_admin__path: "{{ pdns_admin__root_path }}/powerdns-admin"
+pdns_admin__requirements_path: "{{ pdns_admin__path }}/requirements.txt"
 
-pdns_admin_conf_filename: config.py
-pdns_admin_conf_template_filename: "{{ pdns_admin_conf_filename }}.j2"
-pdns_admin_conf_filepath: "{{ pdns_admin_path }}/{{ pdns_admin_conf_filename }}"
+pdns_admin__conf_filename: default_config.py
+pdns_admin__conf_template_filename: config.py.j2
+pdns_admin__conf_filepath: "{{ pdns_admin__path }}/powerdnsadmin/{{ pdns_admin__conf_filename }}"
 
-pdns_admin_systemd_filename: powerdns-admin.service
-pdns_admin_systemd_template_filename: "{{ pdns_admin_systemd_filename }}.j2"
-pdns_admin_systemd_filepath: "/etc/systemd/system/{{ pdns_admin_systemd_filename }}"
+pdns_admin__systemd_filename: powerdns-admin.service
+pdns_admin__systemd_template_filename: "{{ pdns_admin__systemd_filename }}.j2"
+pdns_admin__systemd_filepath: "/etc/systemd/system/{{ pdns_admin__systemd_filename }}"
 
-pdns_admin_python_venv_path: /opt/vens/powerdns
-pdns_admin_python_path: "{{ pdns_admin_python_venv_path }}/bin/python"
+pdns_admin__python_venv_path: /opt/vens/powerdns
+pdns_admin__python_path: "{{ pdns_admin__python_venv_path }}/bin/python"
 
-#TODO merge all configuration
-#TODO union configuration
-pdns_admin_global_config:
+# for docker installations
+pdns_admin__docker_packages: "{{ pdns_admin__default_docker_packages }}"
+pdns_admin__docker_compose_dir: '/opt/docker-compose/pdns-admin'
+pdns_admin__image_name: "ngoduykhanh/powerdns-admin"
+pdns_admin__container_name: pdns-admin
+
+# PDNS-admin config
+pdns_admin__listen_port: 9393
+pdns_admin__listen_ip: 127.0.0.1
+pdns_admin__workers: 4
+
+pdns_admin__global_config:
   wtf_csrf_enabled: true
   secret_key: CHANGEME
   bind_address: 0.0.0.0
@@ -32,55 +43,23 @@ pdns_admin_global_config:
   log_level: DEBUG
   log_file: pdns-admin.log
   # For Docker, leave empty string
-  #log_file: ''
-  #default auth
+  # log_file: ''
+  # default auth
   basic_enabled: true
   signup_enabled: true
 
-pdns_admin_database_config:
-  # DATABASE CONFIG
-  #You'll need MySQL-python
+pdns_admin__database_config:
   sqla_db_user: pdns-admin
   sqla_db_password: CHANGEME
-  sqla_db_host: your-db-server
   sqla_db_name: pdns-admin
-  #sqlite
-  #sqlalchemy_database_uri: 'sqlite:////path/to/your/pdns.db'
+  sqlalchemy_database_uri: "{{ 'mysql://'+sqla_db_user+':'+sqla_db_password+'@'+sqla_db_host+'/'+sqla_db_name }}"
+  # only used if using sqlite database in sqlalchemy_database_uri
+  sqlalchemy_migrate_repo: "{{ 'os.path.join(basedir, 'db_repository')' if pdns_admin__database_config['sqlalchemy_database_uri'] is search('sqlite') }}"
   sqlalchemy_track_modifications: true
 
-# pdns_admin_external_auth_config:
-#   ldap:
-#     # ldap config
-#     ldap_type: ldap
-#     ldap_uri: ldaps://your-ldap-server:636
-#     ldap_username: cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me
-#     ldap_password: dnsuser
-#     ldap_search_base: ou=system admins,ou=people,dc=duykhanh,dc=me
-#     # additional options only if ldap_type=ldap
-#     ldap_usernamefield: uid
-#     ldap_filter: (objectclass=inetorgperson)
-#     # ad:
-#     #   # ad config
-#     #   ldap_type: 'ad'
-#     #   ldap_uri: 'ldaps://your-ad-server:636'
-#     #   ldap_username: 'cn=dnsuser,ou=users,dc=domain,dc=local'
-#     #   ldap_password: 'dnsuser'
-#     #   ldap_search_base: 'dc=domain,dc=local'
-#     #   # you may prefer 'userprincipalname' instead
-#     #   ldap_usernamefield: 'samaccountname'
-#     #   # ad group that you would like to have accesss to web app
-#     #   ldap_filter: 'memberof=cn=dns_users,ou=groups,dc=domain,dc=local'
-#   github:
-#     # github oauth
-#     github_oauth_enable: false
-#     github_oauth_key: CHANGEME
-#     github_oauth_secret: CHANGEME
-#     github_oauth_scope: email
-#     github_oauth_url: http://127.0.0.1:5000/api/v3/
-#     github_oauth_token: http://127.0.0.1:5000/oauth/token
-#     github_oauth_authorize: http://127.0.0.1:5000/oauth/authorize
+pdns_admin__sqlite_db_file: "'{{ pdns_admin__path }}/powerdnsadmin/pdns-admin.sql' if pdns_admin__database_config['sqlalchemy_database_uri'] is search('sqlite') }}"
 
-pdns_admin_main_config:
+pdns_admin__main_config:
   # powerdns config
   pdns_stats_url: http://pdns-stat-ip:8081
   pdns_api_key: CHANGEME

handlers/main.yml

@@ -1,5 +1,10 @@
 ---
 - name: Restart Powerdns Admin Service
   systemd:
-    name: "{{ pdns_admin_systemd_filename }}"
+    name: "{{ pdns_admin__systemd_filename }}"
     state: restarted
+- name: pdns_admin__docker_restart
+  docker_compose:
+    project_src: "{{ pdns_admin__docker_compose_dir }}"
+    state: present
+    restarted: true

meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Fri Apr 16 11:44:13 2021
+version: ''

meta/main.yml

@@ -1,17 +1,14 @@
+---
 galaxy_info:
   author: Natthaphon Phoonsookserm
   description: Ansible role to install PowerDNS Admin
   license: MIT
   min_ansible_version: 2.2
   platforms:
-  - name: EL
-    versions:
-    - 7
-  - name: Ubuntu
-    versions:
-    - trusty
-    - xenial
+    - name: Debian
+      versions:
+        - 11
+        - 10
   galaxy_tags:
     - powerdns
     - powerdns-admin
-dependencies: []

tasks/common-postinstall.yml

@@ -0,0 +1,50 @@
+---
+
+- name:  MySQL database handling
+  block:
+    - name: Create the pdns-admin MySQL databases
+      mysql_db:
+        login_user: "{{ pdns_admin__database_credentials['priv_user'] }}"
+        login_password: "{{ pdns_admin__database_credentials['priv_password'] }}"
+        login_host: "{{ pdns_admin__database_credentials['priv_host'] }}"
+        login_port: "{{ pdns_admin__database_config['sqla_db_port'] | default('3306') }}"
+        name: "{{ pdns_admin__database_config['sqla_db_name'] }}"
+        state: present
+
+    - name: Grant pdns-admin access to the MySQL databases
+      mysql_user:
+        login_user: "{{ pdns_admin__database_credentials['priv_user'] }}"
+        login_password: "{{ pdns_admin__database_credentials['priv_password'] }}"
+        login_host: "{{ pdns_admin__database_credentials['priv_host'] }}"
+        login_port: "{{ pdns_admin__database_config['sqla_db_port'] | default('3306') }}"
+        name: "{{ pdns_admin__database_config['sqla_db_user'] }}"
+        password: "{{ pdns_admin__database_config['sqla_db_password'] }}"
+        host: "{{ pdns_admin__database_config['sqla_user_loginhost'] }}"
+        priv: "{{ pdns_admin__database_config['sqla_db_name'] }}.*:ALL"
+        append_privs: true
+        state: present 
+  when: pdns_admin__sqlite_db_file is undefined
+
+- name: sqlite installation and db file creation
+  block:
+    - name: Install the SQLite dependencies on RedHat
+      package:
+        name: sqlite
+        state: present
+      when: ansible_os_family == 'RedHat'
+
+    - name: Install the SQLite dependencies on Debian
+      package:
+        name: sqlite3
+        state: present
+      when: ansible_os_family == 'Debian'
+
+    - name: Ensure that the directories containing the PowerDNS Admin SQLite databases exist
+      file:
+        name: "{{ item | dirname }}"
+        owner: "root"
+        group: "root"
+        state: directory
+        mode: 0770
+      with_items: "{{ pdns_admin__sqlite_db_file }}"
+  when: pdns_admin__sqlite_db_file is defined

tasks/docker-install.yml

@@ -0,0 +1,18 @@
+---
+- name: install docker
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ pdns_admin__docker_packages }}"
+- name: create docker directory
+  file:
+    path: "{{ pdns_admin__docker_compose_dir }}"
+    mode: '0644'
+    state: directory
+    recurse: true
+- name: create docker compose file
+  template:
+    dest: "{{ pdns_admin__docker_compose_dir }}/docker-compose.yml"
+    mode: 0644
+    src: docker/docker-compose.yml.j2
+  notify: pdns_admin__docker_restart

tasks/main.yml

@@ -1,3 +1,14 @@
 ---
-- include: powerdns_install.yml
-- include: powerdns_post.yml
+- name: Add the OS specific variables
+  include_vars: "{{ ansible_os_family }}.yml"
+- name: Make sure installation mode is set
+  assert:
+    that:
+      - pdns_admin__install_mode is defined
+      - pdns_admin__install_mode is in pdns_admin__supported_install_modes
+- name: "Include installation tasks for {{ pdns_admin__install_mode }}"
+  include: "{{ pdns_admin__install_mode }}-install.yml"
+- name: "Include common tasks after installation (e.g. database connection)"
+  include: common-postinstall.yml
+- name: flush handlers
+  meta: flush_handlers