# roles/bind/tasks/main.yml --- # Initialise distribution-specific variables - name: Source specific variables include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution }}.yml" - "{{ ansible_os_family }}.yml" tags: bind - name: Check whether `bind_zone_master_server_ip` was set assert: that: bind_zone_master_server_ip is defined - name: Install BIND package: pkg: "{{ item }}" state: present with_items: - "{{ bind_packages }}" tags: bind - name: Ensure runtime directories referenced in config exist file: path: "{{ item }}" state: directory owner: "{{ bind_owner }}" group: "{{ bind_group }}" mode: 0770 with_items: - "{{ bind_dir }}/dynamic" - "{{ bind_dir }}/data" - "{{ bind_zone_dir }}" tags: bind - name: Create serial, based on UTC UNIX time command: date -u +%s register: timestamp changed_when: false run_once: true check_mode: false tags: bind - name: Read forward zone hashes shell: 'grep -s "^; Hash:" {{ bind_zone_dir }}/{{ item.name }} || true' changed_when: false check_mode: false register: forward_hashes_temp with_items: - "{{ bind_zone_domains }}" - name: create dict of forward hashes set_fact: forward_hashes: "{{ forward_hashes|default([]) + [ {'hash': item.stdout|default(), 'name': item.item.name} ] }}" with_items: - "{{ forward_hashes_temp.results }}" - name: Read reverse ipv4 zone hashes shell: "grep -s \"^; Hash:\" {{ bind_zone_dir }}/{{ ('.'.join(item.1.replace(item.1+'.','').split('.')[::-1])) }}.in-addr.arpa || true" changed_when: false check_mode: false register: reverse_hashes_temp with_subelements: - "{{ bind_zone_domains }}" - networks - flags: skip_missing: true - name: create dict of reverse hashes set_fact: reverse_hashes: "{{ reverse_hashes|default([]) + [ {'hash': item.0.stdout|default(), 'network': item.1} ] }}" with_subelements: - "{{ reverse_hashes_temp.results }}" - item - name: Read reverse ipv6 zone hashes shell: "grep -s \"^; Hash:\" {{ bind_zone_dir }}/{{ (item.1 | ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):-1] }} || true" changed_when: false check_mode: false register: reverse_hashes_ipv6_temp with_subelements: - "{{ bind_zone_domains }}" - ipv6_networks - flags: skip_missing: true - name: create dict of reverse ipv6 hashes set_fact: reverse_hashes_ipv6: "{{ reverse_hashes_ipv6|default([]) + [ {'hash': item.0.stdout|default(), 'network': item.1} ] }}" with_subelements: - "{{ reverse_hashes_ipv6_temp.results }}" - item - name: Set up the machine as a master DNS server include_tasks: master.yml when: bind_zone_master_server_ip in ansible_all_ipv4_addresses - name: Set up the machine as a slave DNS server include_tasks: slave.yml when: bind_zone_master_server_ip not in ansible_all_ipv4_addresses - name: Start BIND service service: name: "{{ bind_service }}" state: started enabled: true tags: bind