initial implementation

master
Niclas Thobaben 2021-12-27 20:58:01 +01:00
parent c639551cae
commit cc7f0789a8
10 changed files with 180 additions and 7 deletions


@ -4,11 +4,13 @@ Bind9 - Ansible ROle
Configure [bind9](https://www.isc.org/bind/) DNS-server with this ansible role.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|name|type|default|description|
|---|---|---|---|
|bind9_zone_dir|path|/srv/dns|Directory to store zone files|
|bind9_zones|[object]|[]|Definition of zones|
Dependencies
------------


@ -1,2 +1,2 @@
---
# defaults file for bind9
bind9_zone_dir: /srv/dns
bind9_zones: []


@ -1 +1,30 @@
# Install all required dependencies
# Install all required dependencies
- name: Update apt cache on debian based distros
become: true
apt:
update_cache: true
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Ensure required dependencies are installed
become: true
package:
name:
- bind9
- dnsutils
state: present
- name: Ensure unneeded packages are not installed
become: true
package:
name:
- apparmor
state: absent
- name: Update / Upgrade apt packages
become: true
apt:
upgrade: true
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
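Review bot: The third task removes `apparmor` outright (`state: absent`), which drops mandatory access control for every profiled service on the host, not just for named. The Debian/Ubuntu bind9 package ships an AppArmor profile for named, so the narrower fix is to keep apparmor installed and extend that profile (or a local override) to allow reads under `{{ bind9_zone_dir }}` — presumably the reason the removal was added, which a comment on the task should state either way. The final `apt: upgrade: true` task upgrades every package on the host on each role run, a side effect far outside a bind9 role; it should be dropped or gated behind an opt-in variable (for example `bind9_upgrade_packages: false`, a constructed name). The two distribution checks could also be written once as `when: ansible_os_family == 'Debian'`.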


@ -0,0 +1,36 @@
# Backup bind9 config and zone files for potential rollback
- name: Ensure dir {{bind9_zone_dir}} exists
file:
path: /srv/dns
owner: bind
group: bind
mode: u+rwx
state: directory
register: dns_dir_result
- set_fact:
bind9_initial_setup: "{{dns_dir_result.changed}}"
- name: List all existing zone files
shell: "find {{ bind9_zone_dir }} -type f -exec basename {} \\;"
changed_when: false
register: existing_zones_result
- debug: "msg={{bind9_initial_setup}}"
- debug: "msg={{existing_zones_result.stdout_lines}}"
- name: Backup /etc/bind/named.conf.local
become: true
copy:
remote_src: true
src: /etc/bind/named.conf.local
dest: /etc/bind/named.conf.local.bak
when: not bind9_initial_setup
- name: Backup existing zone files
shell: "mv {{bind9_zone_dir}}/{{item}} {{bind9_zone_dir}}/{{item}}.bak"
with_items: result.stdout_lines
when: not bind9_initial_setup
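Review bot: `with_items: result.stdout_lines` in the last task refers to a variable that is never registered — the find task registers `existing_zones_result` — so the zone-file backup never iterates over the real file list, and on current Ansible a bare string there is taken literally rather than evaluated. The directory task hard-codes `path: /srv/dns` while its name and every later task use `{{ bind9_zone_dir }}`, so an overridden variable creates one directory and backs up another, and it lacks the `become: true` the other tasks carry although it chowns to `bind`. Both `find`/`mv` calls splice `bind9_zone_dir` and file names into a shell line unquoted; the `find` module plus `command` with `argv` avoid the shell entirely and return full paths, as sketched below. The two `debug` tasks look like leftover development output and could go before merge.
```yaml
- name: Ensure dir {{ bind9_zone_dir }} exists
  become: true
  file:
    path: "{{ bind9_zone_dir }}"
    owner: bind
    group: bind
    mode: u+rwx
    state: directory
  register: dns_dir_result
# … unchanged: set_fact bind9_initial_setup …
- name: List all existing zone files
  become: true
  find:
    paths: "{{ bind9_zone_dir }}"
    file_type: file
  register: existing_zones_result
# … unchanged: named.conf.local backup …
- name: Backup existing zone files
  become: true
  command:
    argv:
      - mv
      - "{{ item.path }}"
      - "{{ item.path }}.bak"
  with_items: "{{ existing_zones_result.files }}"
  when: not bind9_initial_setup
```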


@ -0,0 +1,19 @@
# Configure bind9
- name: Create named.conf.local
become: true
template:
src: named.conf.local.j2
dest: /etc/bind/named.conf.local
owner: bind
group: bind
mode: 0644
- name: Generate DNS zones
template:
src: zone.j2
dest: "/srv/dns/{{item.name}}.zone"
owner: bind
group: bind
mode: 0644
with_items: "{{bind9_zones | default([])}}"
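Review bot: `dest: "/srv/dns/{{item.name}}.zone"` in the zone task hard-codes the directory while the named.conf.local template points named at `{{bind9_zone_dir}}/{{zone.name}}.zone`, so any override of `bind9_zone_dir` leaves named referencing files that were never written; use `dest: "{{ bind9_zone_dir }}/{{ item.name }}.zone"`. The same task is missing the `become: true` the named.conf.local task has, yet it sets `owner: bind`, which needs root. Both `mode: 0644` values are unquoted octal, which a YAML 1.1 loader reads as the integer 420; that works only because 420 equals 0o644, so `mode: "0644"` is the safer spelling. Since `item.name` comes from inventory and ends up both in a filesystem path and in named.conf.local, an `assert` task that it matches a plain domain-name pattern before templating would keep a mistyped or untrusted zone name inside the zone directory.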


@ -0,0 +1,10 @@
# Test if all defined zones are locally available and do a rollback if not
- name: "Test zone {{zone.name}}"
shell: "dig {{item.type | default('CNAME')}} {{ item.name | default('') + (item.name is defined | ternary('.', '')) + zone.name}} @localhost +short | grep -w '{{item.rdata | default('www')}}' -c"
register: dig_result
changed_when: dig_result.rc != 0
failed_when: dig_result.rc != 0
with_items: "{{zone.records}}"
- debug: "msg={{dig_result.results | selectattr('rc')}}"
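Review bot: The `dig ... | grep` line splices `item.type`, `item.name`, `zone.name` and `item.rdata` from inventory into a shell command with no escaping, so a record value containing a quote or shell metacharacter alters the command instead of being matched; pass each through the `quote` filter, e.g. `grep -w {{ item.rdata | default('www') | quote }} -c`, or switch to the `command` module with `argv` and do the match in `failed_when`. `changed_when: dig_result.rc != 0` duplicates `failed_when` and reports a failing probe as a change; `changed_when: false` is what a read-only check wants. The `default('CNAME')` and `default('www')` fallbacks may let a record with missing fields pass against unrelated data, so either a fail-fast `assert` on the record keys or a header comment spelling out the expected shape (`name`, `type`, `rdata`) would make the contract explicit. The header comment should also say that `zone` is the loop variable set in main.yml, since this file cannot run standalone.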


@ -0,0 +1,28 @@
# Rollback changes on error
- name: Rollback /etc/named.conf.local
copy:
remote_src: true
src: /etc/bind/named.conf.local.bak
dest: /ect/bind/named.conf.local
owner: bind
group: bind
mode: 0644
- name: Delete /etc/named.conf.local.bak
file:
path: /etc/named.conf.local.bak
state: absent
- name: Delete all changed zone files
shell: "rm $(find {{bind9_zone_dir}} -not -name '*.bak' -type f)"
changed_when: false
- name: List all backed up zone files
shell: "find {{bind9_zone_dir}} -name '*.bak' -type f -exec basename {} \\;"
changed_when: false
register: backup_zones_result
- name: Restore backed up zone files
shell: "mv {{bind9_zone_dir}}/{{item}}.bak {{bind9_zone_dir}}/{{item}}"
with_items: backup_zones_result.stdout_lines
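Review bot: `dest: /ect/bind/named.conf.local` in the first task misspells `/etc`, so the rollback writes the restored config into a new `/ect` tree and the live `/etc/bind/named.conf.local` keeps the broken contents; it should read `dest: /etc/bind/named.conf.local`. The delete task then targets `/etc/named.conf.local.bak`, but 02-backup writes the backup to `/etc/bind/named.conf.local.bak`, so the backup is never removed either. `rm $(find ...)` exits non-zero when `find` returns nothing (rm with no operands) and word-splits file names; `find {{ bind9_zone_dir }} -not -name '*.bak' -type f -delete` does the same job without the subshell. `with_items: backup_zones_result.stdout_lines` is a bare string rather than `"{{ backup_zones_result.stdout_lines }}"`, and none of these tasks carries `become: true` although 03-configure writes the same files as `bind`-owned under `become`. Because this file runs inside a `rescue`, any of these failures aborts the rollback itself and the play ends with neither the old nor the new config in place.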


@ -1,2 +1,19 @@
---
# tasks file for bind9
- import_tasks: 01-dependencies.yml
- import_tasks: 02-backup.yml
- import_tasks: 03-configure.yml
- block:
- name: Reload rndc
shell: rndc freeze && rndc reload && rndc thaw
- include_tasks: 04-test-changes.yml
with_items: "{{bind9_zones}}"
loop_control:
loop_var: zone
rescue:
- import_tasks: 05-rollback.yml
when: not bind9_initial_setup
- name: Reload rndc
shell: rndc freeze && rndc reload && rndc thaw
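Review bot: `Reload rndc` appears twice — inside the block and again as the final task — and both run `rndc freeze && rndc reload && rndc thaw` via `shell` without `changed_when`, so every run reports two changes and a non-initial run reloads twice. A cleaner shape is one handler notified by the 03-configure tasks; failing that, keep a single task with `changed_when: false`. If the trailing `when: not bind9_initial_setup` applies to the whole block rather than only to the rollback import (the rendered indentation is lost in this view), a first run never exercises 04-test-changes and a broken initial config is only noticed by the reload; a comment stating that this is intended would help, or the condition could sit on the rollback import alone. The `rndc` calls also lack the `become: true` used by the imported task files, so they depend on the connecting user having rndc key access.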


@ -0,0 +1,20 @@
//========================================================================================================
//
// DO NOT TOUCH!
//
// This file is managed by Ansible.
// {{ansible_managed}}
//
//========================================================================================================
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
{% for zone in dns_zones %}
zone "{{zone.name}}" IN {
type {{zone.type}};
file "{{bind9_zone_dir}}/{{zone.name}}.zone";
};
{% endfor %}
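Review bot: `{% for zone in dns_zones %}` iterates a variable this role never defines — defaults, 03-configure and main.yml all use `bind9_zones` — so rendering fails on an undefined variable (or, depending on the undefined-handling setting, silently emits no zone stanzas); it should be `{% for zone in bind9_zones %}`. `type {{zone.type}};` is emitted unconditionally, so a zone entry without `type` also aborts the template; `{{ zone.type | default('master') }}` (example) or an upfront `assert` on the entry keys would make the contract explicit. The `file` line already uses `{{bind9_zone_dir}}`, which is the value the `dest` in 03-configure needs to match. A short header comment listing the keys a `bind9_zones` entry needs (`name`, `type`, `soa`, `records`) would help callers, since the README table only says `[object]`.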

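--- a/templates/zone.j2
+++ b/templates/zone.j2
@@ -0,0 +1,12 @@
+;========================================================================================================
+;
+; DO NOT TOUCH!
+;
+; This file is managed by Ansible.
+; {{ansible_managed}}
+;
+;========================================================================================================
+@ IN SOA {{item.soa}} . ({{ansible_date_time.epoch}} 3600 900 604800 240)
+{% for record in item.records %}
+{{record}}
+{% endfor%}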
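Review bot: The SOA serial is `{{ansible_date_time.epoch}}`, so the rendered file differs on every run, the template task always reports changed, and every zone is rewritten and reloaded even when nothing in the inventory moved; a serial derived from the record content, or a `bind9_zones` entry field the operator bumps, keeps the role idempotent. In `{{item.soa}} .` the space before the dot makes `.` the RNAME field instead of terminating MNAME, so the responsible-mailbox name becomes the root and MNAME is relative to the origin unless `item.soa` already ends in a dot; a shape like `@ IN SOA {{ item.soa }}. hostmaster.{{ item.name }}. (` (constructed example) spells both out. There is no `$TTL` directive, so named presumably falls back to the SOA minimum (240 s here) with a load-time warning — worth a `$TTL` line at the top or a comment that this is intended. Apex NS records are not generated, so the zone only loads if the caller includes one in `records`, which the README table does not mention.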