# roles/bind/tasks/main.yml
---
# Initialise distribution-specific variables
- name: Source specific variables
  include_vars: '{{ item }}'
  with_first_found:
    # Most specific file first (e.g. a distribution-level file), falling
    # back to the OS-family file when no distribution file exists.
    - '{{ ansible_distribution }}.yml'
    - '{{ ansible_os_family }}.yml'
  tags:
    - bind

# Fail early: the master/slave decision later in this file compares this
# variable against the host's IPv4 addresses, so it must exist.
# NOTE(review): unlike most tasks in this file this one carries no
# `tags: bind`, so it is skipped when the play is limited to `--tags bind`.
- name: Check whether `bind_zone_master_server_ip` was set
  assert:
    that:
      - bind_zone_master_server_ip is defined

# `bind_packages` comes from the distribution variables sourced above.
- name: Install BIND
  package:
    name: '{{ item }}'
    state: present
  with_items: '{{ bind_packages }}'
  tags:
    - bind

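# Create the directories the generated configuration points at, owned by
# the BIND user/group, so named can start before any zone is generated.
- name: Ensure runtime directories referenced in config exist
  file:
    path: '{{ item }}'
    state: directory
    owner: '{{ bind_owner }}'
    group: '{{ bind_group }}'
    # Quoted so the YAML loader keeps the leading-zero octal as the string
    # '0770' instead of parsing it as an integer; the unquoted form is the
    # classic mode pitfall (ansible-lint: risky-octal).
    mode: '0770'
  with_items:
    - '{{ bind_dir }}/dynamic'
    - '{{ bind_dir }}/data'
    - '{{ bind_zone_dir }}'
  tags:
    - bind
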
# Zone serial source: seconds since the epoch, in UTC.
# run_once: a single value is computed and registered for every host in the
# play — presumably so master and slaves agree on the serial; confirm in
# master.yml/slave.yml. check_mode: false lets it run under --check as well.
- name: Create serial, based on UTC UNIX time
  command: date -u +%s
  changed_when: false  # read-only query; never report a change
  check_mode: false
  run_once: true
  register: timestamp
  tags:
    - bind

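# Look up the "; Hash:" line in each existing forward zone file. grep -s
# hides errors for zones that do not exist yet and `|| true` keeps the task
# from failing on a missing file or no match; stdout is then simply empty.
- name: Read forward zone hashes
  # The whole path goes through the quote filter so a zone name containing
  # whitespace or shell metacharacters cannot break out of the command
  # (the original interpolated it into the shell string unquoted).
  shell: >-
    grep -s "^; Hash:"
    {{ (bind_zone_dir ~ '/' ~ item.name) | quote }}
    || true
  changed_when: false
  check_mode: false
  register: forward_hashes_temp
  with_items: '{{ bind_zone_domains }}'
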
# Turn the registered grep results into a list of
# {'hash': <matched line or ''>, 'name': <zone name>} mappings.
# item.item is the original loop element (the zone domain mapping);
# stdout|default() yields '' when grep produced no output.
- name: create dict of forward hashes
  with_items: '{{ forward_hashes_temp.results }}'
  set_fact:
    forward_hashes: "{{ forward_hashes|default([]) + [ {'hash': item.stdout|default(), 'name': item.item.name} ] }}"

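# Same lookup for the reverse (in-addr.arpa) zone file of every IPv4
# network listed under a domain's `networks` key.
- name: Read reverse ipv4 zone hashes
  # The in-addr.arpa name is the network's dotted labels in reverse order.
  # The complete path is built in Jinja and passed through the quote filter
  # so nothing in the variables can break out of the shell command.
  # NOTE(review): `.replace(item.1+'.','')` can never match (the needle is
  # longer than the string it is searched in) and looks like a no-op —
  # confirm intent before relying on it.
  shell: >-
    grep -s "^; Hash:"
    {{ (bind_zone_dir ~ '/' ~ '.'.join(item.1.replace(item.1+'.','').split('.')[::-1]) ~ '.in-addr.arpa') | quote }}
    || true
  changed_when: false
  check_mode: false
  register: reverse_hashes_temp
  with_subelements:
    - '{{ bind_zone_domains }}'
    - networks
    - flags:
        skip_missing: true  # domains without a `networks` key are skipped
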
# Pair each reverse-zone grep result with the network it was run for:
# {'hash': <matched line or ''>, 'network': <network>}.
# NOTE(review): each result's `item` is the [domain, network] pair produced
# by the with_subelements loop above, so iterating over `item` yields the
# domain mapping as well as the network string; confirm that consumers only
# look entries up by `network`.
- name: create dict of reverse hashes
  with_subelements:
    - '{{ reverse_hashes_temp.results }}'
    - item
  set_fact:
    reverse_hashes: "{{ reverse_hashes|default([]) + [ {'hash': item.0.stdout|default(), 'network': item.1} ] }}"

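# Same lookup for the reverse (ip6.arpa) zone file of every IPv6 network
# listed under a domain's `ipv6_networks` key.
- name: Read reverse ipv6 zone hashes
  # ipaddr('revdns') gives the full reverse name ending in "ip6.arpa.";
  # the slice appears to keep the trailing "ip6.arpa." (9 chars) plus
  # prefix/4 nibble labels (2 chars each, hence prefix//2) and drop the
  # final dot — confirm against an example network.
  # The complete path goes through the quote filter so nothing in the
  # variables can break out of the shell command.
  shell: >-
    grep -s "^; Hash:"
    {{ (bind_zone_dir ~ '/' ~ (item.1 | ipaddr('revdns'))[-(9+(item.1|regex_replace('^.*/','')|int)//2):-1]) | quote }}
    || true
  changed_when: false
  check_mode: false
  register: reverse_hashes_ipv6_temp
  with_subelements:
    - '{{ bind_zone_domains }}'
    - ipv6_networks
    - flags:
        skip_missing: true  # domains without an `ipv6_networks` key are skipped
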
# Pair each IPv6 reverse-zone grep result with its network:
# {'hash': <matched line or ''>, 'network': <network>}.
# NOTE(review): as with the IPv4 variant, iterating over each result's
# `item` ([domain, network]) yields the domain mapping as well as the
# network string; confirm consumers only look entries up by `network`.
- name: create dict of reverse ipv6 hashes
  with_subelements:
    - '{{ reverse_hashes_ipv6_temp.results }}'
    - item
  set_fact:
    reverse_hashes_ipv6: "{{ reverse_hashes_ipv6|default([]) + [ {'hash': item.0.stdout|default(), 'network': item.1} ] }}"

# A host is the master when the configured master address is one of its
# own IPv4 addresses (from facts); every other host becomes a slave below.
# NOTE(review): no `tags: bind` on this include, so under `--tags bind` the
# include itself is skipped and master.yml never runs.
- name: Set up the machine as a master DNS server
  when:
    - bind_zone_master_server_ip in ansible_all_ipv4_addresses
  include_tasks: master.yml

# Complement of the master condition: any host not holding the master
# address is configured as a slave.
# NOTE(review): no `tags: bind` on this include, so under `--tags bind` the
# include itself is skipped and slave.yml never runs.
- name: Set up the machine as a slave DNS server
  when:
    - bind_zone_master_server_ip not in ansible_all_ipv4_addresses
  include_tasks: slave.yml

# Start named now and enable it at boot; `bind_service` comes from the
# distribution variables sourced at the top of this file.
- name: Start BIND service
  service:
    name: '{{ bind_service }}'
    enabled: true
    state: started
  tags:
    - bind