Use Ansible to Setup Google MX Records

Use Ansible to Setup Google MX Records

We've all done it. After purchasing that shiny new domain name from our favorite registrar (one of mine happens to be namecheap), we go to set it up. Part of that setup likely includes changing the domain's MX records to point to "your own" mail servers, of which there is a good chance that "your own" actually means Google owned:


Ah, a list familiar to most of us. So up to this point, it's been a manual process for me (I know... shame on me). But, today, I decided setting up domain MX records manually would end. Ansible to the rescue! Everything is built into the current version:

ansible --version
ansible 2.7.9

Thus no external modules are required. The only required module is built in. I'll show how to do this both from a plain playbook standpoint (since I did it that way first), and then using a role.

Playbook Method

The Ansible play is a simple one and consists of only 2 files, cloudflare_google_mx.yml and cloudflare.yml. The main playbook is as simple as this:

$ more playbook/cloudflare_google_mx.yml
- hosts: localhost
    - "{{ playbook_dir }}/../vars/cloudflare.yml"

    - name: Create Google MX Records
        zone: "{{ zone }}"
        name: "{{ zone }}"
        record: "{{ item.server }}"
        value: "{{ item.server }}"
        type: MX
        priority: "{{ item.priority }}"
        account_email: "{{ email }}"
        account_api_token: "{{ cloudflare.apikey | replace('\n', '') }}"
        state: present
        - { server: ASPMX.L.GOOGLE.COM., priority: 1 }
        - { server: ALT1.ASPMX.L.GOOGLE.COM., priority: 5 }
        - { server: ALT2.ASPMX.L.GOOGLE.COM., priority: 5 }
        - { server: ASPMX2.GOOGLEMAIL.COM., priority: 10 }
        - { server: ASPMX3.GOOGLEMAIL.COM., priority: 10 }

And the cloudflare.yml file under var_files holds an encrypted version of my cloudflare api key.

$ more vars/cloudflare.yml
  apikey: !vault |

Role Method

If you instead want to install a role, I've made one available on Ansible Galaxy (Ansible's role repository):

After installing the role via:
ansible-galaxy install june07.ansible_cloudflare_google_mx

You could then simply replace the tasks: section in your playbook/cloudflare_google_mx.yml playbook file with roles: instead, like this:

- hosts: localhost
    - "{{ playbook_dir }}/../vars/cloudflare.yml"
    - june07.cloudflare-google-mx

What's Going On

Because of the number (COUNT THEM... FIVE) of MX records that Google recommends in it's G Suite Admin documentation, I decided a loop would be useful in providing the neccessary server/priority values to the task I named "Create Google MX Records", which in turn is simply calling the cloudflare_dns module that Michael Gruener (@mgruener) contributed.

The Ansible command that brings it all together is:

ansible-playbook -e " [email protected]" playbook/cloudflare_google_mx.yml --vault-password-file ./.vault.json

Ansible Output

Per the documentation for the module, there are 3 required parameters. The Cloudflare API Key, the zone (, and the account_email ([email protected]). Everything else found under the loop variables will remain the same regardless of which new domain is setup. In the future when I decide to grab that newer, shinier domain name, with grandious plans of what it will serve as a beginning to, setting up Google MX Records will now be that simple.

ansible-playbook -e " [email protected]" playbook/cloudflare_google_mx.yml --vault-password-file ./.vault.json

No more time waste with manually setting these DNS records up manually. Done!