dns/master: Moved building of zone files to makefile

4 years ago · d8f1b36ee1
parent 208e277e79
commit d8f1b36ee1
2 changed files with 24 additions and 20 deletions
--- a/roles/dns/master/tasks/main.yml
+++ b/roles/dns/master/tasks/main.yml
@ -41,32 +41,15 @@
    patterns: "K{{ domain }}.+*+*.key"
  register: keys_list

- name: Store database of zone {{ domain }}
+- name: Store main database of zone {{ domain }}
  template:
    src: zone.db
-    dest: "{{ database_file }}"
+    dest: "{{ domain_environment_directory }}/0_main.db"
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rw,g=r,o=r"
    validate: "named-checkzone {{ domain }} %s"
-  notify: reload bind9
-  register: database_stored
-
-# TODO Change to makefile
-# TODO test -N=UNIXTIME instead of unix time by ansible
- name: Sign zone {{ domain }}
-  shell: >-
-    dnssec-signzone
-    -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)
-    -a
-    -N KEEP
-    -o {{ domain | quote }}
-    -f {{ database_signed_file | quote }}
-    {{ database_file | quote }}
-  args:
-    chdir: "{{ domain_directory }}"
-    executable: "/bin/sh"
-  when: database_stored.changed
+  notify: reconfigure zone {{ domain }}

 - name: Configure zone {{ domain }}
  template:
--- a/roles/dns/master/templates/zone.makefile
+++ b/roles/dns/master/templates/zone.makefile
@ -1 +1,22 @@
 dest:={{ domain_environment_link_name }}
+
+db_files:=$(wildcard *.db)
+db_file:=${dest}/{{ database_file_name }}
+signed_file:=${dest}/{{ database_signed_file_name }}
+
+all:: ${signed_file}
+
+${db_file}.unchecked: ${db_files}
+  cat $^ > "$@";
+
+${db_file}: ${db_file}.unchecked
+  named-compilezone -o "$@" {{ domain | quote }} "$<"
+
+${signed_file}: ${db_file}
+	dnssec-signzone \
+		-3 $$(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) \
+		-a \
+		-N KEEP \
+		-o {{ domain | quote }} \
+		-f "$@" \
+		"$<"