Ansible module for automating DNS entry creation/deletion using the OVH API and reverse management.
Two modules are provided : ovh_dns (record management) and ovh_reverse (reverse management).
-
Install python-ovh using PIP:
pip install ovh
-
Add the module to Ansible's module directory or simply add the -M /route/to/ovh_dns flag when invoking Ansible.
You'll need a valid OVH application key to use this module. If you don't have one, you can follow these steps:
-
Visit https://eu.api.ovh.com/createApp/ and fill all fields.
-
You'll obtain an Application Key and an Application Secret.
-
Launch python or ipython in a terminal (
/domain/endpoints are forovh_dnsmodule,/ip/forovh_reverse):client = ovh.Client('ovh-eu', 'YOUR_APPLICATION_KEY', 'YOUR_APPLICATION_SECRET') access_rules = [ {'method': 'GET', 'path': '/domain/*'}, {'method': 'POST', 'path': '/domain/*'}, {'method': 'PUT', 'path': '/domain/*'}, {'method': 'DELETE', 'path': '/domain/*'}, {'method': 'GET', 'path': '/ip/*'}, {'method': 'POST', 'path': '/ip/*'}, {'method': 'DELETE', 'path': '/ip/*'} ] client.request_consumerkey(access_rules)
-
The reply to the last command is:
{ u'consumerKey': u'GENERATED_CONSUMER_KEY', u'state': u'pendingValidation', u'validationUrl': u'https://eu.api.ovh.com/auth/?credentialToken=XXXXXXXX' } -
After visiting the validationUrl, the GENERATED_CONSUMER_KEY will be valid.
-
Setup your shell so it exports the following values:
OVH_ENDPOINT=ovh-eu OVH_APPLICATION_KEY=YOUR_APPLICATION_KEY OVH_APPLICATION_SECRET=YOUR_APPLICATION_SECRET OVH_CONSUMER_KEY=GENERATED_CONSUMER_KEY
Environment variables can also be passed through Ansible task/playbook:
- name: OVH DNS playbook hosts: localhost environment: OVH_ENDPOINT: ovh-eu OVH_APPLICATION_KEY: YOUR_APPLICATION_KEY OVH_APPLICATION_SECRET: YOUR_APPLICATION_SECRET OVH_CONSUMER_KEY: GENERATED_CONSUMER_KEY
Create a typical A record:
- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.10.10.10
Replace a typical A record if as multi record found with different target/value:
- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.10
Replace a typical A record if as multi record found with different target/value and create if not found:
- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.[0-9]* create=true
Create a CNAME record:
- ovh_dns: state=present domain=mydomain.com name=dbprod type=cname value=db1
Append a CNAME record:
- ovh_dns: state=append domain=mydomain.com name=dbprod type=cname value=db2
Delete an existing record, specific record:
- ovh_dns: state=absent domain=mydomain.com name=dbprod type=cname value=db1
Delete an existing record, all record same type:
- ovh_dns: state=absent domain=mydomain.com name=dbprod type=cname
Delete an existing record, all record same name:
- ovh_dns: state=absent domain=mydomain.com name=dbprod
Delete all TXT records matching '^_acme-challenge.*$' regex
- ovh_dns: state=absent domain=mydomain.com name='' type=TXT removes='^_acme-challenge.*'
Create a reverse
- ovh_reverse: ip=10.10.10.10 state=present reverse=myhost.mydomain.tld.
Check a reverse exists, else triggers a failure
- ovh_reverse: ip=10.10.10.10 state=present
Delete a reverse
- ovh_reverse: ip=10.10.10.10 state=absent
Module supports --diff switch; it displays a YAML diff between removed and added records:
- ovh_dns: state=present domain=mydomain.com name=db1 type=A value=10.20.20.20 replace=10.10.10.10 - domain: kobalt.fr
fieldType: A
subDomain: db1
- target: 10.10.10.10
+ target: 10.20.20.20
ttl: 3600| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| domain | yes | Name of the domain zone | ||
| name | yes | Name of the DNS record | ||
| value | no | Value of the DNS record (i.e. what it points to) | ||
| ttl | no | 3600 | integer value | DNS record TTL value in seconds (defaults to 3600) |
| type | no | See comments | Type of DNS record (A, AAAA, CAA, CNAME, DKIM, LOC, MX, NAPTR, NS, PTR, SPF, SRV, SSHFP, TLSA, TXT) | |
| state | no | present | present,absent,append | Determines wether the record is to be created/modified or deleted |
| removes | no | regex pattern | specifies a regex pattern to match for bulk deletion | |
| replace | no | Old value of the DNS record (i.e. what it points to now) | ||
| create | no | true,false | Used with replace for forced creation |
| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| ip | yes | IP (NNN.NNN.NNN.NNN) we want to check the associated reverse | ||
| state | no | present | present, absent | present with empty reverse to only check a reverse record exists, present with a reverse to check existence and value, absent to check no reverse exists |
| reverse | no | Expected reverse. Not used if state=absent. If state=present and reverse empty or not set, module only checks reverse existence (whatever value is set). OVH API checks that provided reverse resolves to the appropriate IP. |