initial implementation
parent
c639551cae
commit
cc7f0789a8
|
@ -4,11 +4,13 @@ Bind9 - Ansible ROle
|
||||||
Configure [bind9](https://www.isc.org/bind/) DNS-server with this ansible role.
|
Configure [bind9](https://www.isc.org/bind/) DNS-server with this ansible role.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Role Variables
|
Role Variables
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
|name|type|default|description|
|
||||||
|
|---|---|---|---|
|
||||||
|
|bind9_zone_dir|path|/srv/dns|Directory to store zone files|
|
||||||
|
|bind9_zones|[object]|[]|Definition of zones|
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
------------
|
------------
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
---
|
bind9_zone_dir: /srv/dns
|
||||||
# defaults file for bind9
|
bind9_zones: []
|
|
@ -1 +1,30 @@
|
||||||
# Install all required dependencies
|
# Install all required dependencies
|
||||||
|
|
||||||
|
- name: Update apt cache on debian based distros
|
||||||
|
become: true
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Ensure required dependencies are installed
|
||||||
|
become: true
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- bind9
|
||||||
|
- dnsutils
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure unneeded packages are not installed
|
||||||
|
become: true
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- apparmor
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Update / Upgrade apt packages
|
||||||
|
become: true
|
||||||
|
apt:
|
||||||
|
upgrade: true
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
|
||||||
|
|
|
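Review bot: The task `Ensure unneeded packages are not installed` removes the `apparmor` package outright, which drops the mandatory-access-control confinement that Debian and Ubuntu ship for `named` and is a much broader hardening loss than this role needs. If the removal is there because the packaged profile does not cover the custom `bind9_zone_dir` (presumably, since the default `/srv/dns` lies outside the profile's paths), the narrower fix is a local allow rule in `/etc/apparmor.d/local/usr.sbin.named` such as `{{ bind9_zone_dir }}/** rw,` followed by a profile reload, leaving AppArmor installed. The `Update / Upgrade apt packages` task also upgrades every package on the host on each run, a large side effect for a DNS role; consider dropping it or gating it behind a role variable, e.g. `when: bind9_upgrade_packages | default(false)`. The two distribution checks could simply be `when: ansible_os_family == 'Debian'`.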
@ -0,0 +1,36 @@
|
||||||
|
# Backup bind9 config and zone files for potential rollback
|
||||||
|
|
||||||
|
- name: Ensure dir {{bind9_zone_dir}} exists
|
||||||
|
file:
|
||||||
|
path: /srv/dns
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: u+rwx
|
||||||
|
state: directory
|
||||||
|
register: dns_dir_result
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
bind9_initial_setup: "{{dns_dir_result.changed}}"
|
||||||
|
|
||||||
|
- name: List all existing zone files
|
||||||
|
shell: "find {{ bind9_zone_dir }} -type f -exec basename {} \\;"
|
||||||
|
changed_when: false
|
||||||
|
register: existing_zones_result
|
||||||
|
|
||||||
|
|
||||||
|
- debug: "msg={{bind9_initial_setup}}"
|
||||||
|
- debug: "msg={{existing_zones_result.stdout_lines}}"
|
||||||
|
|
||||||
|
- name: Backup /etc/bind/named.conf.local
|
||||||
|
become: true
|
||||||
|
copy:
|
||||||
|
remote_src: true
|
||||||
|
src: /etc/bind/named.conf.local
|
||||||
|
dest: /etc/bind/named.conf.local.bak
|
||||||
|
when: not bind9_initial_setup
|
||||||
|
|
||||||
|
|
||||||
|
- name: Backup existing zone files
|
||||||
|
shell: "mv {{bind9_zone_dir}}/{{item}} {{bind9_zone_dir}}/{{item}}.bak"
|
||||||
|
with_items: result.stdout_lines
|
||||||
|
when: not bind9_initial_setup
|
|
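Review bot: `with_items: result.stdout_lines` on the `Backup existing zone files` task references a variable that is never registered — the find output is stored as `existing_zones_result` — and it is a bare name rather than a Jinja expression, so the loop never iterates the zone list and the backup step never moves a file; it should read `with_items: "{{ existing_zones_result.stdout_lines }}"`. The directory task hard-codes `path: /srv/dns` while its name and the later `find`/`mv` commands use `{{ bind9_zone_dir }}`, so a non-default value leaves the directory uncreated; use `path: "{{ bind9_zone_dir }}"`, and add `become: true` there since `owner: bind` needs privilege like the other tasks in this file. The two `debug` tasks look like leftovers from development. Both shell loops interpolate file names straight into a command line; the `find` module with `register` plus the `copy`/`file` modules (or at least `{{ item | quote }}`) avoids word-splitting and metacharacter problems if a zone name ever contains them.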
@ -0,0 +1,19 @@
|
||||||
|
# Configure bind9
|
||||||
|
|
||||||
|
- name: Create named.conf.local
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
src: named.conf.local.j2
|
||||||
|
dest: /etc/bind/named.conf.local
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Generate DNS zones
|
||||||
|
template:
|
||||||
|
src: zone.j2
|
||||||
|
dest: "/srv/dns/{{item.name}}.zone"
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: 0644
|
||||||
|
with_items: "{{bind9_zones | default([])}}"
|
|
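Review bot: `dest: "/srv/dns/{{item.name}}.zone"` in `Generate DNS zones` hard-codes the zone directory, while `named.conf.local.j2` points `file` at `{{bind9_zone_dir}}/{{zone.name}}.zone`, so overriding `bind9_zone_dir` makes named look for zone files that were written somewhere else; use `dest: "{{ bind9_zone_dir }}/{{ item.name }}.zone"`. The same task sets `owner: bind` but, unlike `Create named.conf.local`, has no `become: true`, so the chown fails unless the play already runs as root. Both tasks rewrite files that named reads; a `notify` to a reload handler would replace the unconditional `rndc` shell tasks in `main.yml` and reload only when something actually changed.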
@ -0,0 +1,10 @@
|
||||||
|
# Test if all defined zones are locally available and do a rollback if not
|
||||||
|
|
||||||
|
- name: "Test zone {{zone.name}}"
|
||||||
|
shell: "dig {{item.type | default('CNAME')}} {{ item.name | default('') + (item.name is defined | ternary('.', '')) + zone.name}} @localhost +short | grep -w '{{item.rdata | default('www')}}' -c"
|
||||||
|
register: dig_result
|
||||||
|
changed_when: dig_result.rc != 0
|
||||||
|
failed_when: dig_result.rc != 0
|
||||||
|
with_items: "{{zone.records}}"
|
||||||
|
|
||||||
|
- debug: "msg={{dig_result.results | selectattr('rc')}}"
|
|
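Review bot: The record schema read here does not match what `zone.j2` writes: the template emits each entry of `item.records` verbatim as `{{record}}`, but this task reads `item.type`, `item.name` and `item.rdata` from the same entries, so one side has to change before the test can verify the records that were actually generated. The `dig` command is built by interpolating those record values into a shell line; since `bind9_zones` is inventory input, pass each value through the `quote` filter (`{{ item.name | default('') | quote }}`, and likewise for `type` and `rdata`) so a stray space or metacharacter in a record cannot alter the pipeline. `changed_when: dig_result.rc != 0` duplicates the `failed_when` condition and the task changes nothing on the host; `changed_when: false` is the intent. The fallbacks `default('CNAME')` and `default('www')` make a record that omits those keys pass or fail for unrelated reasons; requiring both keys, or documenting the defaults in the README variable table, would be clearer.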
@ -0,0 +1,28 @@
|
||||||
|
# Rollback changes on error
|
||||||
|
|
||||||
|
- name: Rollback /etc/named.conf.local
|
||||||
|
copy:
|
||||||
|
remote_src: true
|
||||||
|
src: /etc/bind/named.conf.local.bak
|
||||||
|
dest: /ect/bind/named.conf.local
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Delete /etc/named.conf.local.bak
|
||||||
|
file:
|
||||||
|
path: /etc/named.conf.local.bak
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Delete all changed zone files
|
||||||
|
shell: "rm $(find {{bind9_zone_dir}} -not -name '*.bak' -type f)"
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: List all backed up zone files
|
||||||
|
shell: "find {{bind9_zone_dir}} -name '*.bak' -type f -exec basename {} \\;"
|
||||||
|
changed_when: false
|
||||||
|
register: backup_zones_result
|
||||||
|
|
||||||
|
- name: Restore backed up zone files
|
||||||
|
shell: "mv {{bind9_zone_dir}}/{{item}}.bak {{bind9_zone_dir}}/{{item}}"
|
||||||
|
with_items: backup_zones_result.stdout_lines
|
|
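Review bot: Two paths and a loop in this file do not match the backup step in `02-backup.yml`: `dest: /ect/bind/named.conf.local` is a typo, so the restore copies into a non-existent directory and the rescue itself fails; `path: /etc/named.conf.local.bak` (and the task names) point outside `/etc/bind`, so the `.bak` written by the backup task is never removed; and `with_items: backup_zones_result.stdout_lines` is a bare name that does not iterate. Corrected lines: `dest: /etc/bind/named.conf.local`, `path: /etc/bind/named.conf.local.bak`, `with_items: "{{ backup_zones_result.stdout_lines }}"`. None of the tasks here carry `become: true`, although the backup and configure tasks they reverse do. `rm $(find ...)` breaks on file names containing whitespace and runs `rm` with no operand (and so fails) when nothing matches; `find {{ bind9_zone_dir }} -not -name '*.bak' -type f -delete` does the same job without the subshell.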
@ -1,2 +1,19 @@
|
||||||
---
|
- import_tasks: 01-dependencies.yml
|
||||||
# tasks file for bind9
|
- import_tasks: 02-backup.yml
|
||||||
|
- import_tasks: 03-configure.yml
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Reload rndc
|
||||||
|
shell: rndc freeze && rndc reload && rndc thaw
|
||||||
|
|
||||||
|
- include_tasks: 04-test-changes.yml
|
||||||
|
with_items: "{{bind9_zones}}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: zone
|
||||||
|
|
||||||
|
rescue:
|
||||||
|
- import_tasks: 05-rollback.yml
|
||||||
|
when: not bind9_initial_setup
|
||||||
|
|
||||||
|
- name: Reload rndc
|
||||||
|
shell: rndc freeze && rndc reload && rndc thaw
|
|
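Review bot: The `rescue:` branch lets the play continue as successful once it completes, and its only task is skipped by `when: not bind9_initial_setup`, so on a first run a failed zone test is swallowed silently and on later runs it is masked by the rollback; end the rescue with an explicit failure, e.g. `- fail:` with `msg: "DNS zone verification failed; configuration rolled back"`, so the host is reported as failed. The two `Reload rndc` shell tasks run without `become: true` and without `changed_when`, so they report changed on every run and depend on the connecting user being able to read the rndc key. A handler notified by the template tasks in `03-configure.yml` would run once and only when a file changed, removing the duplicated task.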
@ -0,0 +1,20 @@
|
||||||
|
//========================================================================================================
|
||||||
|
//
|
||||||
|
// DO NOT TOUCH!
|
||||||
|
//
|
||||||
|
// This file is managed by Ansible.
|
||||||
|
// {{ansible_managed}}
|
||||||
|
//
|
||||||
|
//========================================================================================================
|
||||||
|
//
|
||||||
|
// Do any local configuration here
|
||||||
|
//
|
||||||
|
// Consider adding the 1918 zones here, if they are not used in your
|
||||||
|
// organization
|
||||||
|
//include "/etc/bind/zones.rfc1918";
|
||||||
|
{% for zone in dns_zones %}
|
||||||
|
zone "{{zone.name}}" IN {
|
||||||
|
type {{zone.type}};
|
||||||
|
file "{{bind9_zone_dir}}/{{zone.name}}.zone";
|
||||||
|
};
|
||||||
|
{% endfor %}
|
|
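Review bot: `{% for zone in dns_zones %}` iterates a variable this role never defines — the defaults and the task files use `bind9_zones` — so rendering `named.conf.local` fails with an undefined-variable error on the first run; it should be `{% for zone in bind9_zones %}`. `type {{zone.type}};` has no default and is not described in the README variable table, while `zone.j2` builds every zone as a primary with an SOA; `{{ zone.type | default('master') }}`, or documenting `type` as required, would keep the two templates consistent. The zone file path `{{bind9_zone_dir}}/{{zone.name}}.zone` is correct only if `03-configure.yml` writes to the same directory rather than the hard-coded `/srv/dns` it currently uses.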
@ -0,0 +1,12 @@
|
||||||
|
;========================================================================================================
|
||||||
|
;
|
||||||
|
; DO NOT TOUCH!
|
||||||
|
;
|
||||||
|
; This file is managed by Ansible.
|
||||||
|
; {{ansible_managed}}
|
||||||
|
;
|
||||||
|
;========================================================================================================
|
||||||
|
@ IN SOA {{item.soa}} . ({{ansible_date_time.epoch}} 3600 900 604800 240)
|
||||||
|
{% for record in item.records %}
|
||||||
|
{{record}}
|
||||||
|
{% endfor%}
|
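Review bot: The serial in `@ IN SOA {{item.soa}} . ({{ansible_date_time.epoch}} ...)` is the current epoch, so every run renders a different file; `Generate DNS zones` then reports changed and rewrites every zone on each play, and `02-backup.yml` backs them all up each time even when no record changed. An explicit `item.serial` maintained alongside the records keeps the template idempotent and leaves the serial increase under the operator's control; if `ansible_date_time` is kept, note in the README that it requires fact gathering. The ` .` emitted after `{{item.soa}}` becomes a separate token, which is only valid if `item.soa` supplies the MNAME alone and the RNAME is meant to be the bare root — presumably not the intent, so confirm the expected SOA format and document it in the README variable table. `{% endfor%}` parses but is inconsistent with `{% endfor %}` in `named.conf.local.j2`.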