https://github.com/ab77/ansible-smartdns
deploy SNIProxy and/or dnsmasq with Ansible
- Host: GitHub
- URL: https://github.com/ab77/ansible-smartdns
- Owner: ab77
- Created: 2017-12-08T18:44:15.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-12-08T18:46:35.000Z (over 8 years ago)
- Last Synced: 2025-04-12T20:36:23.995Z (about 1 year ago)
- Language: Python
- Size: 17.6 KB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SmartDNS
## Ansible
### install on master
```
# install git, clone the repo (SSH first, HTTPS as fallback), then install Ansible and its dependencies
apt-get update \
  && apt-get install -y --no-install-recommends git \
  && (git clone git@github.com:ab77/ansible-smartdns.git \
  || git clone https://github.com/ab77/ansible-smartdns.git) \
  && cd ansible-smartdns \
  && apt-get install -y --no-install-recommends \
     python-minimal python-pip python-setuptools \
  && pip install -r requirements.txt --upgrade \
  && ansible --version
```
### update master
To update the local repository from upstream master, run `git pull`.
### configure environment
All of the top-level environment variables are located in `environments/000_cross_vars` (e.g.):
```
# cross environment
ansible_ssh_user: root
resolvers:
- 8.8.8.8
- 8.8.4.4
dnsmasq_listen_addresses:
- "{{ ansible_default_ipv4.address }}"
- "{{ ansible_default_ipv6.address }}"
sniproxy_version: 0.5.0
sniproxy_mode: mode ipv4_only
bypass_sub_domains:
proxy_domains:
- akadns.net
- akam.net
- akamai.com
- akamai.net
- akamaiedge.net
...
```
### deploy
#### dev
##### configure hosts
* create hosts file
```
cp environments/templates/hosts.template environments/dev/hosts
```
* populate `environments/dev/hosts` with IP addresses under relevant `[section]`
* create and add IPs to `environments/dev/files/ip_whitelist.txt` (e.g.):
```
149.101.145.11
121.212.175.192
10.145.74.106
182.34.28.163
170.116.31.140
```
* if not using IPv6, just `touch environments/dev/files/ip6_whitelist.txt`
* run playbook
```
ansible-playbook site.yml --inventory-file=environments/dev/hosts
```
#### live
##### configure hosts
* create hosts file
```
cp environments/templates/hosts.template environments/live/hosts
```
* populate `environments/live/hosts` with IP addresses
* create and add IPs to `environments/live/files/ip_whitelist.txt` and `ip6_whitelist.txt`
* if not using IPv6, `touch environments/live/files/ip6_whitelist.txt`
* run playbook
```
ansible-playbook site.yml --inventory-file=environments/live/hosts
```
### environment variables override (optional)
Environment variables are inherited from the top-level as follows:
* environments/000_cross_vars
* environments/dev/group_vars/all
* environments/dev/group_vars/{{group}}
* environments/dev/host_vars/{{host}}
Override environment variables at the host level as follows:
* create host skeleton under `host_vars`
```
cp -r environments/templates/{{env}}/host_vars/__template__ \
  environments/templates/{{env}}/host_vars/{{ipaddr}}
```
* add override environment variables to `vars` (e.g.):
```
dnsmasq_listen_addresses:
- 166.246.157.23
- 99.34.68.44
- 87.53.234.105
```
### secrets management (optional)
Sometimes it is necessary to store secrets (e.g. keys, passwords).
* create or edit Ansible vault in the appropriate directory (e.g. `environments/`)
```
ansible-vault edit 000_cross_vault || ansible-vault create 000_cross_vault
```
* create vault variables as follows
```
vault_my_secret: mysupersecretpassword
```
* reference secret in `vars` file as follows:
```
my_secret: "{{ vault_my_secret }}"
```
* reference `my_secret` environment variable in tasks as `"{{ my_secret }}"`
* store the vault secret password in `~/.ansible/credentials`
* run playbook unattended as follows:
```
ansible-playbook site.yml \
  --inventory-file=environments/live/hosts \
  --vault-password-file ~/.ansible/credentials
```
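
A pre-flight check for the vault steps above, as an added example that is not part of this repository: it flags vault files left in plaintext and a vault password file that group or other can access. The `$ANSIBLE_VAULT;` header is what `ansible-vault` writes at the start of an encrypted file; the rule that vault file names contain `vault` (as `000_cross_vault` does) is an assumption, and the sample tree in `demo()` is constructed.

```python
import os
import tempfile
from pathlib import Path

VAULT_HEADER = b"$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this


def is_vault_encrypted(path):
    """True if the file starts with the ansible-vault envelope header."""
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_HEADER)) == VAULT_HEADER


def password_file_is_private(path):
    """True if group and other have no permission bits on the file."""
    return (os.stat(path).st_mode & 0o077) == 0


def audit(root, password_file, marker="vault"):
    """Return sorted findings; empty means OK. Assumes vault file names contain `marker`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if marker in name and not is_vault_encrypted(full):
                findings.append("plaintext vault: " + os.path.relpath(full, root))
    if not os.path.exists(password_file):
        findings.append("missing password file")
    elif not password_file_is_private(password_file):
        findings.append("password file readable by group/other")
    return sorted(findings)


def demo():
    """Audit a constructed tree before and after tightening the password file."""
    tmp = Path(tempfile.mkdtemp())
    env, creds = tmp / "environments", tmp / "credentials"
    (env / "live" / "group_vars").mkdir(parents=True)
    (env / "000_cross_vault").write_bytes(b"$ANSIBLE_VAULT;1.1;AES256\n61626364\n")
    (env / "live" / "group_vars" / "vault").write_bytes(b"vault_my_secret: example\n")
    creds.write_bytes(b"constructed-password\n")
    creds.chmod(0o644)
    before = audit(env, creds)
    creds.chmod(0o600)
    return before, audit(env, creds)


if __name__ == "__main__":
    print(demo())
```

Against a real checkout, call `audit("environments", os.path.expanduser("~/.ansible/credentials"))` before committing or running the playbook and treat any finding as a stop.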