Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/danylomikula/ansible-pihole-cluster

☄️ The easiest way to bootstrap a robust Pi-hole Highly Available cluster using Ansible with Keepalived for failover management, Gravity Sync for nodes synchronization, and Unbound as a recursive DNS server for higher privacy.
https://github.com/danylomikula/ansible-pihole-cluster

ansible ansible-playbook debian high-availability linux pi-hole pihole raspberry-pi rockylinux ubuntu

Last synced: 3 months ago
JSON representation

☄️ The easiest way to bootstrap a robust Pi-hole Highly Available cluster using Ansible with Keepalived for failover management, Gravity Sync for nodes synchronization, and Unbound as a recursive DNS server for higher privacy.

Awesome Lists containing this project

README

        


Pi-hole HA cluster with Keepalived, Gravity-Sync, and Unbound




pi-hole HA cluster project logo


## 📖 General Information
This Ansible playbook will allow you to bootstrap a Highly Available Pi-hole cluster with:
- [x] [keepalived](https://github.com/acassen/keepalived)
- [x] [Gravity Sync](https://github.com/vmstan/gravity-sync)
- [x] [unbound](https://github.com/NLnetLabs/unbound)

Has been tested on:
- [x] Debian - version 12 (bookworm)
- [x] Ubuntu - version 22.04 (Jammy Jellyfish)
- [x] Ubuntu - version 23.10 (Mantic Minotaur)
- [x] Rocky - version 9.4

## ✅ Requirements
- Ansible 2.14+

- Two `nodes` on which Pi-hole will be installed.

- Each `node` should have a static IP address.
> If your Linux distribution network controller is NetworkManager, you can use this example to set static IP, DNS, and gateway:

```bash
nmcli con mod "Wired connection 1" ipv4.addresses 10.0.20.50/24 ipv4.gateway 10.0.20.1 ipv4.dns "1.1.1.1 1.0.0.1" ipv4.ignore-auto-dns yes ipv4.method manual
```

- Passwordless SSH access between the machine running `ansible` and the `nodes`. If not, you can supply arguments to provide credentials `--ask-pass --ask-become-pass` to each command.

- Ansible should be able to use sudo without a password.

> You may need to configure this on `Rocky Linux`.

Suppose your `ansible_user = rocky`, run this command under `root` user to disable password verification for `rocky` user:

```bash
echo rocky 'ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/rocky
```

## 🚀 Getting Started
- Install collections that this playbook uses by running
`ansible-galaxy collection install -r ./collections/requirements.yml`

- Edit the `inventory/hosts.ini` file with IP addresses, hostnames and paths to your SSH keys for each node.
```bash
[master]
pihole-master ansible_host=10.0.20.50 ansible_ssh_private_key_file=~/.ssh/pihole-master priority=150

[backup]
pihole-backup ansible_host=10.0.20.51 ansible_ssh_private_key_file=~/.ssh/pihole-backup priority=140
```

- Modify `inventory/group_vars/all.yml` based on your needs.

- Start cluster provisioning using the following command:
`ansible-playbook bootstrap-pihole.yaml`

- Point your DNS server settings to the virtual IP (`pihole_vip_ipv4`, `pihole_vip_ipv6`) that you set previously in `inventory/group_vars/all.yml`

> [!NOTE]
> You can run `bootstrap-pihole.yaml` playbook at any time.

> It will bootstrap a fresh Pi-hole installation with updates (statistics will not be deleted)

## ⚙️ Updates
To quickly update system or change settings you can run `update-pihole.yaml` playbook

`ansible-playbook update-pihole.yaml`

You can use this playbook to:
- Update Pi-hole version.
- Update Pi-hole settings.
- Modify Pi-hole custom DNS or CNAME records.
- Update host packages and dependencies.