Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

ipa/client: enable for unbound in prod

Browse source 
Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2021-03-19 17:25:38 +01:00
parent 29aa38add0
commit 36cb1aaba7
2 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/group_vars/unbound
View file

@ -11,7 +11,7 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 209.132.184.0/24 --dport 53 -j ACCEPT
'-A INPUT -p tcp -m tcp -s 209.132.181.0/24 --dport 53 -j ACCEPT',
'-A INPUT -p udp -m udp -s 209.132.181.0/24 --dport 53 -j ACCEPT' ]
fas_client_groups: sysadmin-dns
primary_auth_source: ipa
ipa_host_group: unbound
ipa_host_group_desc: Unbound caching DNS
ipa_client_shell_groups:

4
playbooks/groups/unbound.yml
View file

@ -15,8 +15,7 @@
- rkhunter
- nagios_client
- hosts
- { role: ipa/client, when: env == "staging" }
- { role: fas_client, when: env != "staging" }
- ipa/client
- collectd/base
- unbound
- sudo
@ -27,7 +26,6 @@
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
tasks:
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers: