--- # This playbook is meant to be used with callable variables, like adhoc or AWX. # What: Creates dns records in the idm infrastructure based on the variables # provided. # What is expected: # -> ipaadmin_password: This should be the password of the admin user # -> ipaadmin_principal: The admin user that has kerberos management capabilities (default is admin) # -> ipa_zone: The zone name (eg, rockylinux.org) # -> ipa_name: The shortname (eg, buildbox instead of buildbox.rockylinux.org) # -> ipa_name_type: Type of record (eg, CNAME, A, AAAA, PTR) # -> ipa_name_value: Record value (depends on type of record) # -> ipa_presence: present or absent - name: Create a DNS Record hosts: "{{ host|default('ipaserver') }}" become: false gather_facts: false collections: - freeipa.ansible_freeipa tasks: - name: "Checking for user variables" ansible.builtin.assert: that: - ipaadmin_password | mandatory - ipa_zone | mandatory - ipa_name | mandatory - ipa_name_type | mandatory - ipa_name_value | mandatory - ipa_presence | mandatory success_msg: "Required variables provided" fail_msg: "We are missing zone information or ipa admin password" - name: "Creating DNS Record" freeipa.ansible_freeipa.ipadnsrecord: ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}" ipaadmin_password: "{{ ipaadmin_password }}" zone_name: "{{ ipa_zone }}" name: "{{ ipa_name }}" record_type: "{{ ipa_name_type }}" record_value: "{{ ipa_name_value }}" state: "{{ ipa_presence }}" tags: - dns # We try to do this just in case because if a certificate is being issued # that wants a CNAME, the host has to "manage" said host. However, if the # host doesn't exist, we'll ignore it. - name: "Creating host object for CNAME" freeipa.ansible_freeipa.ipahost: ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}.{{ ipa_zone }}" force: true managedby: - "{{ ipa_name_value[:-1] }}" ignore_errors: true when: ipa_name_type == "CNAME" ...