# Playbook that creates all needed DNS records: private A records in the Active Directory
# integrated zone (first play) and public A records in the Route53 hosted zone (second play).
# DNS records that correspond to domain-joined Windows hosts need not be created here, since
# they are automatically created by Active Directory when the hosts are joined.
# Written by: Hani Audah <[email protected]>
# Created on: Jun/16/2020
# -------------------------------------------------------------------------------------------------
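- import_playbook: allocate_host_variables.yml

# Play 1 - private (Active Directory integrated) zone. Only the names that AD does not
# register on its own are created here: the service aliases and the non-Windows hosts.
# Any single DC will do, since the zone is replicated to the others.
- hosts: "{{ groups['domain_controllers'] | random }}"
  name: Configure private DNS records
  vars_files:
    - "{{ playbook_dir }}/vault.yml"
    - "{{ playbook_dir }}/strings.yml"
    - "{{ playbook_dir }}/customizations.yml"
  vars:
    ansible_connection: winrm
    # NOTE(review): this is the built-in Administrator of a domain controller (i.e. a
    # domain admin) authenticating with NTLM over the HTTP WinRM listener (5985).
    # Acceptable for a throw-away lab only; outside of one, use Kerberos and/or the
    # HTTPS listener (5986) and a dedicated, least-privileged DNS admin account.
    ansible_user: Administrator
    ansible_password: "{{ win_local_password }}"
    ansible_winrm_transport: ntlm
    ansible_port: 5985
  tasks:
    # Service aliases that all resolve to the UEM console virtual IP.
    - name: Create A records for the UEM console aliases
      community.windows.win_dns_record:
        name: "{{ item }}.{{ domain_name }}"
        type: "A"
        value: "{{ network_subnet }}.{{ virtual_ips['uem_console'] }}"
        zone: "{{ domain_name }}"
      loop:
        - uemc
        - uds
        - vdi

    # One A record per inventory host in the linux and appliances groups; host_address
    # is presumably assigned by allocate_host_variables.yml (imported above) - verify.
    - name: Create A records for non-Windows hosts
      community.windows.win_dns_record:
        name: "{{ item }}.{{ domain_name }}"
        type: "A"
        value: "{{ network_subnet }}.{{ hostvars[item]['host_address'] }}"
        zone: "{{ domain_name }}"
      loop: "{{ groups['linux'] | union(groups['appliances']) }}"

    # Unfinished drafts kept from the original file (Exchange, PKI and MX records).
    #- name: Exchange internal FQDN
    #  win_dns_record:
    #    name: "mail"
    #    type: "A"
    #    # TODO: for now just point to our only load balancer; revise later
    #    value: "{{ network_subnet }}.{{ hostvars['"
    #- win_dns_record:
    #    name: "pki"
    #    type: "A"
    #    value: "{{ network_subnet }}.60"
    #    zone: "{{ domain_name }}"
    #- name: Exchange MX record
    #  win_dns_record:
    #    name: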
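#- hosts: localhost
#  connection: local
#  name: Get all-in-one public IP
#  vars_files:
#    - "{{ playbook_dir }}/vault.yml"
#    - "{{ playbook_dir }}/strings.yml"
#    - "{{ playbook_dir }}/customizations.yml"
#  tasks:

# Play 2 - public zone (Route53). Runs on the utility machine since it already has the
# AWS credentials. The public address of the all-in-one box is looked up through the
# VMware Cloud (VMC) APIs, then every public-facing name is pointed at it.
- hosts: utility
  name: Create public DNS records
  vars_files:
    - "{{ playbook_dir }}/vault.yml"
    - "{{ playbook_dir }}/strings.yml"
    - "{{ playbook_dir }}/customizations.yml"
  vars:
    # NOTE(review): password login as root; lab-only, prefer SSH keys + become.
    ansible_user: root
    ansible_password: "{{ linux_local_password }}"
  tasks:
    # Exchange the long-lived CSP API (refresh) token for a short-lived access token.
    # All VMC calls below go to public VMware endpoints with publicly trusted
    # certificates, so TLS verification stays ON: with validate_certs disabled, anyone
    # on path could present their own certificate and capture both tokens.
    - name: Get access token
      uri:
        # TODO(review): the refresh token rides in the query string, where proxies and
        # web-server logs can record it; the CSP API also accepts it in a form-encoded
        # POST body (refresh_token=...) - confirm and move it there.
        url: "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token={{ vmc_api_token }}"
        method: POST
        validate_certs: true
        headers:
          Accept: application/json
      register: access_token_response
      # Keeps the refresh token (in the URL) and the returned access token out of the
      # play output, including -v and failure dumps.
      no_log: true

    # The access token is sent as a header on the remaining calls; it is short-lived,
    # but note it would still appear in a failed task's invocation dump.
    - name: Get org ID
      uri:
        url: https://vmc.vmware.com/vmc/api/orgs
        method: GET
        validate_certs: true
        headers:
          csp-auth-token: "{{ access_token_response.json.access_token }}"
      register: org_response

    - name: Get SDDC ID
      uri:
        url: "https://vmc.vmware.com/vmc/api/orgs/{{ org_response.json | json_query(filter_org_id) }}/sddcs"
        method: GET
        validate_certs: true
        headers:
          csp-auth-token: "{{ access_token_response.json.access_token }}"
      register: sddc_response
      vars:
        filter_org_id: "[? display_name=='{{ vmc_org_name }}'].id | [0]"

    - set_fact:
        nsx_public_url: "{{ sddc_response.json | json_query(filter_nsx_url) }}"
      vars:
        filter_nsx_url: "[? name=='{{ vmc_sddc_name }}'].resource_config.nsx_api_public_endpoint_url | [0]"

    # The NSX manager URL is rewritten into the cloud-service endpoint that serves the
    # public-IP inventory.
    - name: Get Public IPs
      uri:
        url: "{{ nsx_public_url | regex_replace('sks-nsxt-manager', 'cloud-service') }}/api/v1/infra/public-ips"
        method: GET
        validate_certs: true
        headers:
          csp-auth-token: "{{ access_token_response.json.access_token }}"
      register: public_ips_response

    # The JMESPath projection yields a list (one IP when the id matches, else empty).
    - name: Get existing public IPs
      set_fact:
        all_in_one_ip: "{{ public_ips_response.json.results | json_query(filter_public_ip) }}"
      vars:
        filter_public_ip: "[? id=='{{ userid }}_all_in_one'].ip"

    # Fail here with a clear message instead of pushing records with no value.
    - name: Check that the all-in-one public IP was found
      assert:
        that:
          - all_in_one_ip | length > 0
        fail_msg: "No public IP with id '{{ userid }}_all_in_one' found in SDDC {{ vmc_sddc_name }}"

    # The AWS config is root's only; keep it unreadable to anyone else on the box.
    - name: Ensure AWS config directory exists
      file:
        path: /root/.aws
        state: directory
        mode: "0700"

    - name: Transfer AWS access config
      template:
        src: configurations/aws_config
        dest: /root/.aws/config
        mode: "0600"

    # Every public-facing service lives on the all-in-one box, so all records share the
    # same address. NOTE(review): the records are named under public_domain_name while
    # the hosted zone passed is domain_name; Route53 only accepts a record that lies
    # inside the given zone, so the two must match (or public_domain_name must be a
    # sub-domain of domain_name) - confirm against customizations.yml.
    # The 'builder' record was a bare label in the original draft; it now uses the same
    # full record name form as the others, which is what the route53 module expects.
    - name: Create public A records
      community.aws.route53:
        state: present
        zone: "{{ domain_name }}"
        record: "{{ item.host }}.{{ public_domain_name }}"
        type: A
        value: "{{ all_in_one_ip }}"
      loop:
        - { host: uagr, label: UAGR }
        - { host: uds, label: UEM Device Services }
        - { host: ens, label: Email Notification Service }
        - { host: seg, label: Secure Email Gateway }
        - { host: builder, label: Django API }
      loop_control:
        label: "{{ item.label }} ({{ item.host }}.{{ public_domain_name }})"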