geoDNS role

.gitignore

+.ssh/id_*

.ssh/README

+Add id_ansible and id_ansible.pub SSH keys

ansible.cfg

+[defaults]
+gathering = smart
+remote_user = ansible
+
+[privilege_escalation]
+become = True
+
+[ssh_connection]
+pipelining = True
+ssh_args = -o ControlMaster=auto -o ControlPersist=3600s -o StrictHostKeyChecking=false -i .ssh/id_ansible

deploy.sh

+#ansible-galaxy collection install community.general
+ansible-playbook playbook.yml -i inventory/inventory $@

files/srv.mdx.incubator.geant.org.json

+{
+  "ttl": 60,
+  "max_hosts": 1,
+  "data": {
+    "": {
+      "a": [
+        [ "193.224.22.78", 10 ]
+      ]
+    },
+    "srv1": {
+      "a": [
+        [ "193.224.22.78", 10 ]
+      ]
+    },
+    "srv1-signer": {
+      "a": [
+        [ "193.224.22.78", 10 ]
+      ]
+    },
+    "srv1-proxy": {
+      "a": [
+        [ "193.224.22.78", 10 ]
+      ]
+    },
+    "srv2": {
+      "a": [
+        [ "145.100.180.185", 10 ]
+      ]
+    },
+    "srv2-signer": {
+      "a": [
+        [ "145.100.180.185", 10 ]
+      ]
+    },
+    "srv2-proxy": {
+      "a": [
+        [ "145.100.180.185", 10 ]
+      ]
+    },
+    "srv3": {
+      "a": [
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "srv3-signer": {
+      "a": [
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "srv3-proxy": {
+      "a": [
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "signer": {
+      "a": [
+        [ "193.224.22.78", 10 ],
+        [ "145.100.180.185", 10 ],
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "signer.nl": {
+      "a": [
+        [ "145.100.180.185", 10 ]
+      ]
+    },
+    "proxy": {
+      "a": [
+        [ "193.224.22.78", 10 ],
+        [ "145.100.180.185", 10 ],
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "proxy-eg": {
+      "a": [
+        [ "193.224.22.78", 10 ],
+        [ "145.100.180.185", 10 ],
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "proxy-tst": {
+      "a": [
+        [ "193.224.22.78", 10 ],
+        [ "145.100.180.185", 10 ],
+        [ "62.217.72.109", 10 ]
+      ]
+    },
+    "proxy.nl": {
+      "a": [
+        [ "62.217.72.109", 10 ]
+      ]
+    }
+  }
+}

playbook.yml

+---
+- hosts: all
+  gather_facts: true
+  roles:
+    - {role: base,      tage: ['base']}
+
+- name: geoDNS
+  hosts: geodns
+  gather_facts: false
+  roles:
+    - {role: geodns,    tags: ['geodns']}
+
+- name: MDServer
+  hosts: mdserver
+  gather_facts: false
+  roles:
+    - {role: apache,    tags: ['apache']}
+    - {role: mdserver,  tags: ['mdserver']}
+
+- name: MDProxy
+  hosts: mdproxy
+  gather_facts: false
+  roles:
+    - {role: apache,    tags: ['apache']}
+    - {role: mdproxy,   tags: ['mdserver']}

requirements.yml

+---
+# Install using
+# ansible-galaxy collection install -r requirements.yml
+
+collections:
+- name: community.general

roles/base/tasks/main.yml

+---
+
+- name: Install packages
+  apt:
+    state: present
+    name:
+      - git

roles/geodns/defaults/main.yml

+---
+
+go_link: https://go.dev/dl/go1.16.13.linux-amd64.tar.gz
+
+geodns_repo: https://github.com/abh/geodns.git
+geodns_dir: /opt/geodns
+geo_dns_version: v3.2.0
+geo_dns_config: "{{ geodns_dir}}/config"
+
+geolite_dir: "{{ geodns_dir }}/GeoLite2DB"

roles/geodns/handlers/main.yml

+---
+- name: enable geodns job
+  systemd:
+    name: "geodns.service"
+    enabled: true
+    state: "restarted"
+    daemon_reload: true

roles/geodns/tasks/main.yml

+---
+
+- name: Check if go binary exists
+  stat:
+    path: "/opt/go/bin/go"
+  register: go
+
+- name: Download Go
+  ansible.builtin.unarchive:
+    src: "{{ go_link }}"
+    dest: /opt/
+    remote_src: yes
+  when: not go.stat.exists
+
+- name: Clone geoDNS repository
+  ansible.builtin.git:
+    repo: "{{ geodns_repo }}"
+    dest: "{{ geodns_dir }}"
+    version: "{{ geo_dns_version }}"
+  register: geodns_git
+
+- name: Check if geodns binary exists
+  stat:
+    path: "{{ geodns_dir }}/geodns"
+  register: geodns
+
+- name: Build geoDNS
+  ansible.builtin.command:
+    cmd: "/opt/go/bin/go build"
+    chdir: "{{ geodns_dir }}"
+  when: geodns_git.changed or not geodns.stat.exists
+  notify:
+    - "enable geodns job"
+
+- name: Create config dirs if it does not exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  with_items:
+    - "{{ geo_dns_config }}"
+    - "{{ geolite_dir }}"
+
+- name: Copy geoDNS config
+  ansible.builtin.copy:
+    src: "srv.mdx.incubator.geant.org.json"
+    dest: "{{ geo_dns_config }}"
+    mode: '0644'
+  notify:
+    - "enable geodns job"
+
+- name: Copy GeoLite2DB's
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "{{ geolite_dir }}"
+    mode: '0644'
+  with_items:
+    - GeoLite2-Country.mmdb
+  notify:
+    - "enable geodns job"
+
+- name: Create geoDNS config
+  ansible.builtin.template:
+    src: "geodns.conf.j2"
+    dest: "{{ geo_dns_config }}/geodns.conf"
+  notify:
+    - "enable geodns job"
+
+- name: Copy geoDNS service files
+  ansible.builtin.template:
+    src: "geodns.service.j2"
+    dest: "/etc/systemd/system/geodns.service"
+  notify:
+    - "enable geodns job"

roles/geodns/templates/geodns.conf.j2

+; GeoDNS configuration file
+;
+; It is recommended to distribute the configuration file globally
+; with your .json zone files.
+
+[geoip]
+;; Directory containing the GeoIP2 .mmdb database files; defaults
+;; to looking through a list of common directories looking for one
+;; of those that exists.
+directory={{ geolite_dir }}
+
+[querylog]
+;; directory to save query logs; disabled if not specified
+path = log/queries.log
+;; max size per file in megabytes before rotating (default 200)
+; maxsize = 100
+;; keep up to this many rotated log files (default 1)
+; keep = 2
+
+[http]
+; require basic HTTP authentication; not encrypted or safe over the public internet
+; user = stats
+; password = Aeteereun8eoth4
+
+[health]
+; directory = dns/health

roles/geodns/templates/geodns.service.j2

+[Unit]
+Description=GeoDNS server
+After=syslog.target network.target
+
+[Service]
+Type=simple
+WorkingDirectory={{ geodns_dir }}
+ExecStart=/opt/geodns/geodns -config={{ geo_dns_config }} -log -interface 0.0.0.0 -port 53
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+SyslogIdentifier=geodns
+
+[Install]
+WantedBy=multi-user.target