infra/roles/bind-role/tasks/main.yml
Sergey Bubnov (omg) d026de558d fix bind unit file
2019-06-30 14:18:23 +04:00


# roles/bind/tasks/main.yml
---
# Load distribution-specific variables. `with_first_found` uses the first
# candidate file that exists, so the exact distribution name is tried before
# the broader OS family.
- name: Source specific variables
  with_first_found:
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
  include_vars: "{{ item }}"
# Fail early when the master address is missing: the master/slave task
# selection later in this file compares host addresses against it.
- name: Check whether `bind_zone_master_server_ip` was set
  assert:
    that:
      - bind_zone_master_server_ip is defined
# Install each package listed in `bind_packages` with the apt_rpm module.
- name: Install BIND
  tags: bind
  apt_rpm:
    state: installed
    pkg: "{{ item }}"
  with_items: "{{ bind_packages }}"
# Patch the packaged unit file so that BIND is ordered after network.service
# and is bound to it through PartOf=. The handler reloads systemd after a
# change.
# NOTE(review): this edits the vendor unit under /lib in place; a package
# upgrade may replace the file and drop these lines, whereas a drop-in under
# /etc/systemd/system would survive it. Confirm before changing.
- name: fix bind service unit
  notify: reload systemd
  lineinfile:
    dest: /lib/systemd/system/bind.service
    line: "{{ item.line }}"
    regexp: "{{ item.regexp | default(omit)}}"
    insertafter: "{{ item.insertafter | default(omit) }}"
  with_items:
    # Add the PartOf= line directly after the existing After=network... line.
    - line: 'PartOf=network.service'
      insertafter: '^After=network'
    # Rewrite the After=network... line itself.
    - regexp: '^After=network'
      line: 'After=network.service'
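# Create the writable runtime directories inside the BIND tree, owned by the
# service account.
- name: Ensure runtime directories referenced in config exist
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ bind_owner }}"
    group: "{{ bind_group }}"
    # Quoted so the mode is passed as the literal octal string and does not
    # depend on the YAML parser treating a leading zero as octal.
    # 0770: full access for owner and group, none for others.
    mode: "0770"
  with_items:
    - "{{ bind_chroot }}/{{ bind_dir }}/dynamic"
    - "{{ bind_chroot }}/{{ bind_dir }}/data"
  tags: bind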
# Build the zone serial from the current date and hour (yymmddHH).
# `run_once` computes it on a single host, and `changed_when: false` keeps
# this read-only command from being reported as a change.
- name: Create serial, based on last two digits of year, month, day, and hour
  tags: bind
  run_once: true
  command: date +%y%m%d%H
  changed_when: false
  register: timestamp
# Collect the "; Hash:" comment lines from the existing forward zone file.
# `|| true` keeps the task green when grep finds nothing or the file is
# missing; `check_mode: false` makes it run in check mode too.
# NOTE(review): the role variables are interpolated into a shell command line
# unquoted; this assumes they hold plain paths. The `quote` filter would make
# that explicit.
- name: Read forward zone hashes
  register: forward_hashes
  check_mode: false
  changed_when: false
  shell: >-
    grep "^; Hash:" {{ bind_zone_dir }}/{{ bind_zone_name }} || true
# Collect the "; Hash:" comment lines from each IPv4 reverse zone file. The
# file name is the network's dot-separated parts in reverse order followed by
# `.in-addr.arpa`.
# NOTE(review): `item.replace(item+'.','')` cannot match (the pattern is longer
# than the string), so it looks like a no-op; confirm before removing it.
# NOTE(review): the expression result is passed to the shell unquoted; this
# assumes `bind_zone_networks` holds plain dotted prefixes.
- name: Read reverse ipv4 zone hashes
  register: reverse_hashes
  check_mode: false
  changed_when: false
  with_items: "{{ bind_zone_networks }}"
  shell: >-
    grep "^; Hash:" {{ bind_zone_dir }}/{{ ('.'.join(item.replace(item+'.','').split('.')[::-1])) }}.in-addr.arpa || true
# Collect the "; Hash:" comment lines from each IPv6 reverse zone file. The
# file name is a tail slice of the network's reverse-DNS name: 9 characters
# plus half the prefix length, with the final character dropped.
# NOTE(review): presumably the 9 covers "ip6.arpa." and each nibble label
# takes two characters ("x."); confirm against the zone file naming.
# NOTE(review): the expression result is passed to the shell unquoted; this
# assumes `bind_zone_ipv6_networks` holds plain CIDR prefixes.
- name: Read reverse ipv6 zone hashes
  register: reverse_hashes_ipv6
  check_mode: false
  changed_when: false
  with_items: "{{ bind_zone_ipv6_networks }}"
  shell: >-
    grep "^; Hash:" {{bind_zone_dir}}/{{ (item | ipaddr('revdns'))[-(9+(item|regex_replace('^.*/','')|int)//2):-1] }} || true
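# Deploy the rndc control key. The file holds a shared secret, so it is
# readable only by root and the `named` group.
# NOTE(review): `dest` and `group` are hard-coded here while other tasks use
# `bind_chroot` / `bind_group`; confirm they agree on the target hosts.
- name: put rndc.key
  template:
    src: rndc.key.j2
    dest: /var/lib/bind/etc/rndc.key
    owner: root
    group: named
    # Quoted so the mode does not depend on YAML octal parsing.
    mode: "0640"
  # Keep the rendered key out of task output, including --diff runs.
  no_log: true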
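# Remove per-interface resolv.conf files so only the loopback one remains.
# /etc/net/ifaces/lo/resolv.conf is excluded: it is the file the following
# template task manages. Deleting it here would make that task report
# "changed" and notify the network restart handler on every run.
# `command` is enough, since no shell features are used. `-print` lists the
# files actually removed so that the task reports a change only when one was.
- name: purge resolv.conf from interface`s config
  command: >-
    find /etc/net/ifaces -name resolv.conf
    ! -path /etc/net/ifaces/lo/resolv.conf
    -print -delete
  register: purged_resolv_conf
  changed_when: purged_resolv_conf.stdout | default('') | length > 0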
# Render the resolver configuration for the loopback interface, so the host
# resolves through its own BIND instance. A change triggers the
# network restart handler.
- name: set DNS resolver to the localhost
  notify: restart network
  template:
    dest: /etc/net/ifaces/lo/resolv.conf
    src: resolv.conf
# Role selection: a host that owns the configured master address runs the
# master tasks; every other host runs the slave tasks.
- when: bind_zone_master_server_ip in ansible_all_ipv4_addresses
  include_tasks: master.yml

- when: bind_zone_master_server_ip not in ansible_all_ipv4_addresses
  include_tasks: slave.yml
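# Run `update_chrooted all` after the configuration has been written.
# NOTE(review): presumably this refreshes the files copied into the service
# chroots, including BIND's; confirm and give the task a descriptive name.
# `command` replaces `shell` because the call uses no shell features.
# The task always reports "unchanged" (`changed_when: false`).
- name: black magick
  command: update_chrooted all
  changed_when: false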
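# Make sure BIND is running now and starts on boot.
- name: Start BIND service
  service:
    name: "{{ bind_service }}"
    state: started
    # Canonical boolean instead of the YAML 1.1 truthy `yes`.
    enabled: true
  tags: bind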