Deploy DIM on a Virtual Machine Using Ansible Playbook

ansible-deployment/README.md

@@ -0,0 +1,43 @@
+Role Name
+=========
+
+An ansible playbook for deploy dim
+
+Requirements
+------------
+
+`python3` on the remote servers (dnf install python36 -y)
+
+This ansible only works on `Rocky Linux 8.5`, for more linux distro please test it.
+
+`Sudoer user`: The ansible user should be a member of the wheel group. and can use sudo without password.
+
+**Befor you run the ansible dim, you need to install the following packages:**
+
+```bash
+ansible-galaxy collection install ansible.posix
+ansible-galaxy collection install community.mysql
+```
+
+Role Variables
+--------------
+
+Check the `inventory` directory for a list of variables that can be passed into the role.
+
+
+How to use
+-----------
+
+```bash
+ansible-playbook -i inventory/dim-servers.ini dim.yml  --become --become-method=sudo
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Milad Norouzi ([email protected])

ansible-deployment/dim.yml

@@ -0,0 +1,5 @@
+- hosts: all
+  roles:
+    - role: dim
+  gather_facts: yes
+  any_errors_fatal: true

ansible-deployment/inventory/dim-servers.ini

@@ -0,0 +1,7 @@
+[all]
+dim ansible_host=5.34.207.235
+
+[all:vars]
+ansible_user=rocky
+ansible_port=22
+ansible_python_interpreter = "/usr/bin/python3"

ansible-deployment/inventory/group_vars/all.yaml

@@ -0,0 +1,67 @@
+# General
+install_ansible_modules: "true"
+disable_transparent_huge_pages: "true"
+setup_interface: "false"
+
+# Domain
+domain_name: "example.com"
+
+#DIM-Network
+network_path: "/etc/sysconfig/network-scripts"
+network_scripts_url: "https://dl.rockylinux.org/pub/rocky/9/devel/x86_64/os/Packages/n/network-scripts-10.11.5-1.el9.x86_64.rpm" # For rocky linux 9
+network_scripts_dest: "/tmp"
+network_scripts_package: "network-scripts-10.11.5-1.el9.x86_64.rpm"
+
+# DIM DB
+dim_db_name: "dim"
+pdns_int_db_name: "pdns_int"
+pdns_pub_db_name: "pdns_pub"
+
+
+# DIM DB info
+dim_db_user_name: "dim_user"
+dim_db_user_password: "dim_pass"
+dim_db_priv: "dim.*:ALL"
+dim_secret_key: "SuperSecretTtestkey"
+
+# pdns_int DB info
+dim_pdns_int_db_user_name: "dim_pdns_int_user"
+dim_pdns_int_db_user_password: "SuperSecret1"
+dim_pdns_int_db_priv: "pdns_int.*:INSERT,UPDATE,DELETE,SELECT"
+pdns_int_db_user_name: "pdns_int_user"
+pdns_int_db_user_password: "SuperSecret4"
+pdns_int_db_priv: "pdns_int.*:SELECT"
+
+# pdns_pub DB info
+dim_pdns_pub_db_user_name: "dim_pdns_pub_user"
+dim_pdns_pub_db_user_password: "SuperSecret2"
+dim_pdns_pub_db_priv: "pdns_pub.*:INSERT,UPDATE,DELETE,SELECT"
+pdns_pub_db_user_name: "pdns_pub_user"
+pdns_pub_db_user_password: "SuperSecret3"
+pdns_pub_db_priv: "pdns_pub.*:SELECT"
+
+# SQL
+sql_url: "https://raw.githubusercontent.com/1and1/dim/master/dim/pdns.sql"
+sql_file_path: "/tmp/pdns.sql"
+
+# PowerDNS
+pdns_conf_dir: "/etc/pdns"
+pdns_recursor_conf_path: "/etc/pdns-recursor"
+
+# DIM
+dim_config_path: "/etc/dim"
+din_example_path: "/srv/http/dim.example.com"
+
+dim_url: "https://github.com/1and1/dim/releases/download/dim-4.0.9/dim-4.0.9-1.el8.x86_64.rpm"
+dimclient_url: "https://github.com/1and1/dim/releases/download/dimclient-0.4.5/python3-dimclient-0.4.5-1.el8.x86_64.rpm"
+ndcli_url: "https://github.com/1and1/dim/releases/download/ndcli-4.0.3/python3-ndcli-4.0.3-1.el8.x86_64.rpm"
+dim_web_url: "https://github.com/1and1/dim/releases/download/dim-web-0.1/python3-dim-web-0.1-1.el8.x86_64.rpm"
+
+dim_repo: "https://github.com/1and1/dim"
+dim_repo_dest: "/usr/local/src/dim"
+
+# Httpd
+httpd_conf_path: "/etc/httpd/conf.d"
+
+# wsgi
+wsgi_path: "/opt/dim"

ansible-deployment/roles/dim/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible-deployment/roles/dim/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for dim

ansible-deployment/roles/dim/files/dim.wsgi

@@ -0,0 +1,2 @@
+from dim import create_app
+application = create_app()

ansible-deployment/roles/dim/files/ifcfg-lo-bind-int

@@ -0,0 +1,8 @@
+DEVICE=lo
+IPADDR=127.4.0.1
+NETMASK=255.0.0.0
+NETWORK=127.0.0.0
+BROADCAST=127.255.255.255
+ONBOOT=yes
+NAME=loopback4
+NM_CONTROLLED=no

ansible-deployment/roles/dim/files/ifcfg-lo-pdns-int

@@ -0,0 +1,8 @@
+DEVICE=lo
+IPADDR=127.1.0.1
+NETMASK=255.0.0.0
+NETWORK=127.0.0.0
+BROADCAST=127.255.255.255
+ONBOOT=yes
+NAME=loopback1
+NM_CONTROLLED=no

ansible-deployment/roles/dim/files/ifcfg-lo-pdns-pub

@@ -0,0 +1,8 @@
+DEVICE=lo
+IPADDR=127.2.0.1
+NETMASK=255.0.0.0
+NETWORK=127.0.0.0
+BROADCAST=127.255.255.255
+ONBOOT=yes
+NAME=loopback2
+NM_CONTROLLED=no

ansible-deployment/roles/dim/files/ifcfg-lo-pdns-rec-int

@@ -0,0 +1,8 @@
+DEVICE=lo
+IPADDR=127.3.0.1
+NETMASK=255.0.0.0
+NETWORK=127.0.0.0
+BROADCAST=127.255.255.255
+ONBOOT=yes
+NAME=loopback3
+NM_CONTROLLED=no

ansible-deployment/roles/dim/files/my.cnf

@@ -0,0 +1,5 @@
+[client]
+user=root
+password=
+
+

ansible-deployment/roles/dim/files/query.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# This script set empty password for user root to allow to connect to the database anonymously
+# Tested on Rocky linux 9
+
+sudo mysql -uroot -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('');"
+sudo mysql -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '';"
+sudo mysql -uroot -e "FLUSH PRIVILEGES;"
+sudo mysql -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '';"
+sudo mysql -uroot -e "FLUSH PRIVILEGES;"
+sudo mysql -uroot -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('');"

ansible-deployment/roles/dim/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+# handlers file for dim
+- name: Restart mariadb
+  systemd:
+    name: mariadb
+    state: restarted
+
+- name: Reload systemctl daemon
+  systemd:
+    daemon_reload: yes

ansible-deployment/roles/dim/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+

ansible-deployment/roles/dim/tasks/basic.yml

@@ -0,0 +1,58 @@
+- name: Disable SELinux policy permanently
+  ansible.posix.selinux:
+    policy: targeted
+    state: disabled
+
+- name: Disable SELinux policy
+  shell:
+    cmd: setenforce 0
+  ignore_errors: true
+
+- name: Gather firewalld is installed
+  package_facts:
+    manager: auto
+
+- name: Stop and disable firewalld
+  systemd:
+    name: firewalld
+    state: stopped
+    enabled: false
+  when: "'firewalld' in ansible_facts.packages"
+
+- name: Enable epel-release
+  dnf:
+    name: epel-release
+    state: present
+
+- name: Install necessary packages
+  dnf:
+    name:
+      - wget
+      - htop
+      - bind-utils
+      - vim
+      - nload
+      - bc
+      - chkconfig
+      - initscripts
+      - python3-pip
+      - network-scripts
+    state: present
+    update_cache: true
+
+- name: Install python packages with pip
+  pip:
+    name: PyMySQL
+
+
+#### Uncomment it for Rocky linux 9
+# - name: Download network-scripts package
+#   get_url:
+#     url: "{{ network_scripts_url }}"
+#     dest: "{{ network_scripts_dest }}"
+
+# - name: Install network-scripts package
+#   dnf:
+#     name: "{{ network_scripts_dest }}/{{ network_scripts_package }}"
+#     state: present
+