Commits on Source 4
-
Thomas Woerner authored
This change adds support for DNS over TLS to the ipaclient role.

New variables

ipaclient_dns_over_tls
    Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
    (bool, default: false)
    required: false
ipaclient_no_dnssec_validation
    Disable DNSSEC validation for DNS over TLS. This turns off DNSSEC
    validation for unbound. Only usable if `ipaserver_dns_over_tls` is
    enabled.
    (bool, default: false)
    required: false

New distribution specific variable

ipaclient_packages_dot
    List of IPA packages needed for DNS over TLS.

The resolver configuration for DNS over TLS is not part of this change
and will be added later on. Therefore it is needed to configure the
resolver for DNS over TLS before starting the deployment with ipaclient
role. This is essential for using an IPA DNS server with DoT and enforced
DNS policy so that only DoT is usable.
-
Thomas Woerner authored
This change adds support for DNS over TLS to the ipaserver role.

New variables

ipaserver_dot_forwarders
    List of DNS over TLS forwarders. Required if ipaserver_dns_over_tls
    is enabled.
    (list of strings)
    required: false
ipaserver_dns_over_tls | ipaclient_dns_over_tls
    Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
    (bool, default: false)
    required: false
ipaserver_dns_over_tls_cert
    Certificate to use for DNS over TLS. If empty, a new certificate will
    be requested from IPA CA.
    (string)
    required: false
ipaserver_dns_over_tls_key
    Key for certificate specified in ipaserver_dns_over_tls_cert.
    (string)
    required: false
ipaserver_dns_policy
    Encrypted DNS policy. Only usable if `ipaserver_dns_over_tls` is
    enabled.
    (choice: relaxed, enforced, default: relaxed)
    required: false

New distribution specific variable

ipaserver_packages_dot
    List of IPA packages needed for DNS over TLS.
-
Thomas Woerner authored
This change adds support for DNS over TLS to the ipareplica role.

New variables

ipareplica_dot_forwarders
    List of DNS over TLS forwarders. Required if ipareplica_dns_over_tls
    is enabled.
    (list of strings)
    required: false
ipareplica_dns_over_tls | ipaclient_dns_over_tls
    Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
    (bool, default: false)
    required: false
ipareplica_dns_over_tls_cert
    Certificate to use for DNS over TLS. If empty, a new certificate will
    be requested from IPA CA.
    (string)
    required: false
ipareplica_dns_over_tls_key
    Key for certificate specified in ipareplica_dns_over_tls_cert.
    (string)
    required: false
ipareplica_dns_policy
    Encrypted DNS policy. Only usable if `ipareplica_dns_over_tls` is
    enabled.
    (choice: relaxed, enforced, default: relaxed)
    required: false

New distribution specific variable

ipareplica_packages_dot
    List of IPA packages needed for DNS over TLS.
-
Varun Mylaraiah authored
ipaserver, ipareplica and ipaclient roles: Add DNS over TLS support