Added roles/dns/{application,master,slave}
parent
b804ae005e
commit
2b63f1a248
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
dns_user: "bind"
|
||||
dns_configuration_directory: "/etc/bind"
|
||||
dns_zones_configuration: "{{ dns_configuration_directory }}/named.conf.local"
|
||||
dns_zones_directory: "{{ dns_configuration_directory }}/zones"
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
|
||||
- name: restart bind9
|
||||
systemd:
|
||||
name: bind9
|
||||
state: restarted
|
||||
|
||||
- name: reload bind9
|
||||
systemd:
|
||||
name: bind9
|
||||
state: reloaded
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
|
||||
allow_duplicates: no
|
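Review bot: `allow_duplicates: no` relies on YAML 1.1 truthy parsing; Ansible accepts it, but yamllint's `truthy` rule flags it and the value reads differently across parsers. Prefer the canonical boolean `allow_duplicates: false` here, and likewise `allow_duplicates: true` and `enabled: true` in the other role files of this commit.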
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
state: present
|
||||
name:
|
||||
- bind9
|
||||
|
||||
- name: Create directory for zone databases
|
||||
file:
|
||||
path: "{{ dns_zones_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Enable bind9 service
|
||||
systemd:
|
||||
name: bind9
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Allow dns in firewall
|
||||
ufw:
|
||||
rule: allow
|
||||
port: 53
|
||||
proto: "{{ item }}"
|
||||
loop:
|
||||
- tcp
|
||||
- udp
|
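Review bot: The "Create directory for zone databases" task sets no owner, group or mode, so `{{ dns_zones_directory }}` is created root-owned under the default umask; the slave role's zone.conf points `file` into this directory and named, running as `{{ dns_user }}`, must be able to write transferred zone data there, which a root-owned 0755 directory does not allow. Add `owner: root`, `group: "{{ dns_user }}"` and `mode: "u=rwx,g=rwx,o=rx"` to the file task, matching the owner/group handling already used for the zone files. On Debian/Ubuntu the shipped AppArmor profile for named generally permits writes under /var/cache/bind and /var/lib/bind rather than /etc/bind, so a writable directory under /etc/bind may still be blocked — worth confirming on the target. Separately, the ufw task opens 53/tcp and 53/udp to any source, which is expected for an authoritative server but means recursion must be disabled in named.conf.options (not managed by this role) to avoid running an open resolver.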
@ -0,0 +1,14 @@
|
||||
---
|
||||
|
||||
domain: "example.com"
|
||||
|
||||
configuration_file: "{{ dns_zones_directory }}/{{ domain }}.conf"
|
||||
database_file: "{{ dns_zones_directory }}/{{ domain }}.db"
|
||||
|
||||
main_nameserver_domain: "ns1.{{ domain }}."
|
||||
responsible_mail_name: "admin.{{ domain }}."
|
||||
serial_number: "{{ lookup('pipe', 'date +\"%Y%m%d%H\"') }}"
|
||||
refresh: 86400
|
||||
retry: 7200
|
||||
expire: 3600000
|
||||
ttl: 172800
|
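Review bot: `serial_number` is computed with a `pipe` lookup of `date +"%Y%m%d%H"` on the controller, so it changes every hour regardless of zone content and is not guaranteed to advance between two edits made within the same hour; the first makes every hourly run report the zone as changed and reload bind9, the second means slaves can miss an update because the SOA serial did not increase. Derive the serial from the zone content or a persisted counter instead, or at minimum document the limitation with a comment such as `# Hour-resolution serial: two edits in the same hour are not propagated to slaves`. The last SOA field is named `ttl` here, but per RFC 2308 it is the negative-caching TTL (the SOA "minimum"), not the default record TTL; `negative_cache_ttl` would describe it better, and 172800 seconds is a long negative cache.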
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
allow_duplicates: yes
|
||||
|
||||
dependencies:
|
||||
- role: dns/application
|
@ -0,0 +1,31 @@
|
||||
---
|
||||
|
||||
- name: Store database of zone {{ domain }}
|
||||
template:
|
||||
src: zone.db
|
||||
dest: "{{ database_file }}"
|
||||
owner: root
|
||||
group: "{{ dns_user }}"
|
||||
mode: "u=rw,g=r,o=r"
|
||||
validate: "named-checkzone {{ domain }} %s"
|
||||
notify: reload bind9
|
||||
|
||||
# TODO DNSSEC
|
||||
|
||||
- name: Configure zone {{ domain }}
|
||||
template:
|
||||
src: zone.conf
|
||||
dest: "{{ configuration_file }}"
|
||||
owner: root
|
||||
group: "{{ dns_user }}"
|
||||
mode: "u=rw,g=r,o=r"
|
||||
validate: "named-checkconf %s"
|
||||
notify: reload bind9
|
||||
|
||||
- name: Include configuration file of zone {{ domain }}
|
||||
lineinfile:
|
||||
path: "{{ dns_zones_configuration }}"
|
||||
state: present
|
||||
line: "include \"{{ configuration_file }}\";"
|
||||
validate: "named-checkconf %s"
|
||||
notify: reload bind9
|
@ -0,0 +1,17 @@
|
||||
zone "{{ domain }}" {
|
||||
type master;
|
||||
file "{{ database_file }}";
|
||||
notify yes;
|
||||
allow-transfer {
|
||||
{% for fqdn in slaves %}
|
||||
{{ hostvars[fqdn].ansible_default_ipv4.address }};
|
||||
{{ hostvars[fqdn].ansible_default_ipv6.address }};
|
||||
{% endfor %}
|
||||
};
|
||||
also-notify {
|
||||
{% for fqdn in slaves %}
|
||||
{{ hostvars[fqdn].ansible_default_ipv4.address }};
|
||||
{{ hostvars[fqdn].ansible_default_ipv6.address }};
|
||||
{% endfor %}
|
||||
};
|
||||
};
|
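Review bot: `allow-transfer` restricts AXFR by source address only; the usual hardening for an authoritative master is to authenticate transfers with a TSIG key (`allow-transfer { key slave-key; };` plus matching `key` stanzas on master and slave), so a host that spoofs or shares a slave's address cannot pull the whole zone. `hostvars[fqdn].ansible_default_ipv6.address` will fail to render when a slave host has no IPv6 default route, because `ansible_default_ipv6` is then an empty dict; wrap the IPv6 line in `{% if hostvars[fqdn].ansible_default_ipv6.address is defined %}` in both the `allow-transfer` and `also-notify` blocks. `ansible_default_ipv4` is the address of the default-route interface, which on multi-homed or NAT'd hosts may not be the address the master sees on the transfer — verify against the deployment. `slaves` has no default in the role's defaults file, so the template errors unless every caller sets it; that requirement should be documented there.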
@ -0,0 +1,10 @@
|
||||
$TTL 86400
|
||||
@ IN SOA {{ main_nameserver_domain }} {{ responsible_mail_name }} (
|
||||
{{ serial_number }}
|
||||
{{ refresh }}
|
||||
{{ retry }}
|
||||
{{ expire }}
|
||||
{{ ttl }}
|
||||
)
|
||||
|
||||
{{ entries }}
|
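Review bot: The `$TTL 86400` directive is hard-coded while `ttl` (172800) is rendered into the SOA's last field, which per RFC 2308 is the negative-caching TTL rather than the default record TTL; a reader of the defaults will assume `ttl` controls record TTLs. Either add a `default_ttl` variable for the `$TTL` line, or add a comment above the SOA record: `; serial refresh retry expire negative-cache-ttl (RFC 2308)`. `{{ entries }}` has no default in the role's defaults file, so rendering fails with an undefined-variable error unless every caller sets it; since a zone with only an SOA would not pass `named-checkzone` anyway, document `entries` as required rather than defaulting it to an empty string.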
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
domain: "example.com"
|
||||
|
||||
configuration_file: "{{ dns_zones_directory }}/{{ domain }}.conf"
|
||||
database_file: "{{ dns_zones_directory }}/{{ domain }}.db"
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
allow_duplicates: yes
|
||||
|
||||
dependencies:
|
||||
- role: dns/application
|
@ -0,0 +1,19 @@
|
||||
---
|
||||
|
||||
- name: Configure zone {{ domain }}
|
||||
template:
|
||||
src: zone.conf
|
||||
dest: "{{ configuration_file }}"
|
||||
owner: root
|
||||
group: "{{ dns_user }}"
|
||||
mode: "u=rw,g=r,o=r"
|
||||
validate: "named-checkconf %s"
|
||||
notify: reload bind9
|
||||
|
||||
- name: Include configuration file of zone {{ domain }}
|
||||
lineinfile:
|
||||
path: "{{ dns_zones_configuration }}"
|
||||
state: present
|
||||
line: "include \"{{ configuration_file }}\";"
|
||||
validate: "named-checkconf %s"
|
||||
notify: reload bind9
|
@ -0,0 +1,10 @@
|
||||
zone "{{ domain }}" {
|
||||
type slave;
|
||||
file "{{ database_file }}";
|
||||
masters {
|
||||
{% for fqdn in masters %}
|
||||
{{ hostvars[fqdn].ansible_default_ipv4.address }};
|
||||
{{ hostvars[fqdn].ansible_default_ipv6.address }};
|
||||
{% endfor %}
|
||||
};
|
||||
};
|
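Review bot: The slave zone sets no `allow-transfer`, so whether third parties can AXFR the zone from this slave depends on the global `options` block (not managed by this role) and on BIND's built-in default, which on older releases is `any`; add `allow-transfer { none; };` to the slave zone so the slave does not hand out the zone the master template restricts. As in the master template, `ansible_default_ipv6.address` fails to render for a master host without IPv6, so wrap that line in an `is defined` check. `masters` has no default in the slave role's defaults, so the template errors unless the caller sets it; document it as required.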