/
main.yml
192 lines (172 loc) · 4.65 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
- name: Required variables
ansible.builtin.debug:
msg: |
{{ network_configs.dns }}
- name: Install bind9
become: true
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
name:
- bind9
- bind9utils
- name: Clean current configs
become: true
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- /usr/local/etc/rndc.conf
- /etc/bind/etc/bind
- name: Copy bind configs
become: true
ansible.builtin.copy:
# if path ends with “/”, only inside contents of that directory are copied to destination
src: "etc/bind/"
dest: "/etc/bind"
owner: bind
group: bind
mode: preserve
######################
# named.conf.options #
######################
- name: Copy named.conf.options template
become: true
ansible.builtin.template:
src: "etc/bind/etc/bind/named.conf.options.j2"
dest: "/etc/bind/etc/bind/named.conf.options"
owner: bind
group: bind
mode: 0644
vars:
access_control_list: "{{ network_configs.dns.acl }}"
####################################
# Custom named.conf and zone files #
####################################
- name: Copy named.conf template
become: true
ansible.builtin.template:
src: "etc/bind/etc/bind/named.conf.local.j2"
dest: "/etc/bind/etc/bind/named.conf.local"
owner: bind
group: bind
mode: 0644
vars:
domain_name_list: "{{ network_configs.dns.domains.keys() | list }}"
- name: Copy zone template
become: true
ansible.builtin.template:
src: "etc/bind/etc/bind/template.zone.j2"
dest: "/etc/bind/etc/bind/{{ item.key }}.zone"
owner: bind
group: bind
mode: 0644
with_dict: "{{ network_configs.dns.domains }}"
# Remove if already existing /etc/bind/named.conf
# Set symlink to /etc/bind/etc/bind/named.conf
- name: Check if /etc/bind/named.conf is a file
ansible.builtin.stat:
path: /etc/bind/named.conf
changed_when: false
register: result
- name: Backup existing file
become: true
ansible.builtin.copy: # mv /etc/bind/named.conf /etc/bind/named.conf.bak
src: /etc/bind/named.conf
dest: /etc/bind/named.conf.bak
remote_src: true
backup: true
mode: preserve
when: result.stat.exists and not result.stat.islnk
- name: Remove existing file
become: true
ansible.builtin.file:
path: /etc/bind/named.conf
state: absent
when: result.stat.exists and not result.stat.islnk
- name: Create symlink
become: true
ansible.builtin.file:
src: etc/bind/named.conf
dest: /etc/bind/named.conf
state: link
group: bind
# Set named arguments
- name: Edit EnvironmentFile's OPTIONS value
become: true
ansible.builtin.lineinfile:
path: /etc/default/named
regexp: "^OPTIONS="
line: 'OPTIONS="-u bind -t /etc/bind -c /etc/bind/named.conf"'
state: present
backup: true
# Copy locale time for chroot
- name: Copy locale time
become: true
ansible.builtin.copy:
src: /etc/localtime
dest: /etc/bind/etc/
remote_src: true
mode: preserve
########################################
# RNDC (Remote Named Daemon Controller)
########################################
- name: Check existance (/etc/bind/etc/bind/rndc.key)
ansible.builtin.stat:
path: /etc/bind/etc/bind/rndc.key
changed_when: false
register: result
- name: Create key by 'rndc-confgen' if not exist
become: true
ansible.builtin.command:
cmd: >
rndc-confgen -a -c /etc/bind/etc/bind/rndc.key
changed_when: true
when: not result.stat.exists
- name: Chmod key
become: true
ansible.builtin.file:
path: /etc/bind/etc/bind/rndc.key
mode: g+r
when: not result.stat.exists
- name: Create rndc.conf
become: true
ansible.builtin.copy:
src: usr/local/etc/rndc.conf
dest: /usr/local/etc/rndc.conf
owner: bind
group: bind
mode: preserve
- name: Check config by 'named-checkconf'
become: true
ansible.builtin.command:
cmd: named-checkconf -t /etc/bind etc/bind/named.conf
args:
chdir: "/etc/bind"
changed_when: false
# Copy DNS root.hints for chroot
- name: Create parent directory
become: true
ansible.builtin.file:
path: /etc/bind/usr/share/dns/
state: directory
owner: bind
group: bind
mode: 0755
- name: Copy /usr/share/dns/root.hints
become: true
ansible.builtin.copy:
src: /usr/share/dns/root.hints
dest: /etc/bind/usr/share/dns/root.hints
remote_src: true
mode: preserve
########################################
# restart systemd
########################################
- name: Restart systemd
ansible.builtin.include_role:
name: utils
tasks_from: systemd_restart
vars:
utils_systemd_service_name: "named.service"
utils_is_user_systemd: false