Initial Commit

Author: 2stacks

.gitignore

@@ -0,0 +1,19 @@
+#  Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+*.tfvars
+
+# IntelliJ project files
+.idea
+*.iml
+out
+gen

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,66 @@
+# Deploy PowerDNS with Terraform
+Used to provision a PowerDNS server with PowerDNS-Admin interface in a libvirt environment
+
+Adapted from - https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/
+
+Note: This project is customized for KVM servers running Openvswitch.  Installation of these dependencies can be
+complex and is outside the scope of this project.
+
+The PowerDNS server configuration provided by this project will install an authoritative and recursive server as documented here:
+
+- https://doc.powerdns.com/authoritative/guides/recursion.html#scenario-1-authoritative-server-as-recursor-with-private-zones
+
+It has also been customized for use with the Terraform PowerDNS provider.
+- https://www.terraform.io/docs/providers/powerdns/index.html
+
+### Prereqs
+KVM Server running Openvswitch
+
+- https://github.com/mrlesmithjr/ansible-kvm
+- https://docs.openvswitch.org/en/latest/intro/install/distributions/
+
+Terraform and the terraform-provider-libvirt
+
+- https://www.terraform.io/downloads.html
+- https://github.com/dmacvicar/terraform-provider-libvirt#installing
+
+
+### Setup
+Clone Repository
+```bash
+git clone https://github.com/2stacks/terraform-powerdns.git
+cd terraform-powerdns
+```
+
+Create secrets variable file, add your SSH public key and update database passwords.
+```bash
+cp secret.auto.tfvars.example secret.auto.tfvars
+```
+
+Deploy libvirt guest with Terraform
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+When Terraform finishes it will output the libvirt guest IP
+
+Example:
+```bash
+Outputs:
+
+ip = [
+    [
+        192.168.100.12,
+        fe80::5054:ff:fec2:43bd
+    ]
+]
+```
+
+Open `https://(output_ip)/login` in your browser and register a new admin account.
+
+### TODO
+- Secure PowerDNS-Admin interface with LetsEncrypt
+- Secure PowerDNS API server with LetsEncrypt
+- Move Terraform 'remote-exec' calls to shell scripts

default-vars.tf

@@ -0,0 +1,109 @@
+# CloudInit Variables
+variable "user_name" {}
+variable "ssh_authorized-key" {}
+
+# DNS/Mysql Variables
+variable "mysql_root_pass" {}
+variable "mysql_user" {}
+variable "mysql_user_pass" {}
+variable "api_key" {}
+
+variable "api_allow_from" {
+  description = "Define networks allowed to access PowerDNS API"
+  default = "127.0.0.1"
+}
+
+# Libvirt Variables
+variable "libvirt_uri" {
+  description = "URI of server running libvirtd"
+  default = "qemu:///system"
+}
+
+variable "prefix" {
+  description = "Resources will be prefixed with this to avoid clashing names"
+  default = "pub-dns"
+}
+
+variable "guest_count" {
+  description = "Number of Guests to Create"
+  default     = "1"
+}
+
+variable "libvirt_volume_source" {
+  description = "Volume Image Source"
+  default = "https://cloud-images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-amd64.img"
+}
+
+variable "libvirt_volume_pool" {
+  description = "Volume Storage Pool"
+  default = "default"
+}
+
+variable "libvirt_volume_size" {
+  description = "Volume Size in Bytes"
+  default = "21474836480"
+}
+
+variable "mac_prefix" {
+  description = "Must change before deploying in new subnet"
+  default = "52:54:00:00:06"
+}
+
+variable "hostname" {
+  description = "Guest Hostname"
+  default     = "ns"
+}
+
+variable "nameserver" {
+  description = "Default DNS server for host"
+  default     = "127.0.0.1"
+}
+
+variable "domain_name" {
+  description = "Default Domain Name for host"
+  default     = "xip.io"
+}
+
+variable "memory" {
+  default = "2048"
+}
+
+variable "vcpu" {
+  default = "2"
+}
+
+variable "network" {
+  description = "Name of Libvirt Network"
+  default = "default"
+}
+
+variable "port_group" {
+  description = "Name of OVS Port Group"
+  default = "default"
+}
+
+# SSL Variables
+variable "ssl_ou" {
+  description = "SSL Organizational Unit"
+  default = "IT Departement"
+}
+
+variable "ssl_o" {
+  description = "SSL Organization"
+  default = "DNS"
+}
+
+variable "ssl_l" {
+  description = "SSL Location"
+  default = "Mountain View"
+}
+
+variable "ssl_st" {
+  description = "SSL State"
+  default = "California"
+}
+
+variable "ssl_c" {
+  description = "SSL Country"
+  default = "US"
+}