Add my changes
parent
215507e048
commit
547928426b
13
README.md
13
README.md
@ -1,4 +1,15 @@
|
|||||||
# Ansible role for NSD
|
# This is a modified version of "Ansible role for NSD"
|
||||||
|
|
||||||
|
Original source: https://github.com/zorun/ansible-role-nsd/
|
||||||
|
|
||||||
|
I have made several changes to fit my usecase (essentially remote control and dnssec specificities, as well as some cosmetic changes).
|
||||||
|
|
||||||
|
Changes: added two new dictionaries:
|
||||||
|
|
||||||
|
* **nsd_remote_control** for remote controllong options in the config file
|
||||||
|
* **nsd_zone_subdirs** to transfer whole subdirectories (I expect each one to contain a source.sh script which signs dnssec, installed as a cron)
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
This Ansible role installs and configure NSD, an authoritative DNS server.
|
This Ansible role installs and configure NSD, an authoritative DNS server.
|
||||||
It also allows to publish DNS zones into NSD.
|
It also allows to publish DNS zones into NSD.
|
||||||
|
@ -12,7 +12,10 @@
|
|||||||
command: "{{ nsd_control_program }} reload"
|
command: "{{ nsd_control_program }} reload"
|
||||||
|
|
||||||
- name: restart nsd
|
- name: restart nsd
|
||||||
service: name={{ nsd_service_name }} state=restarted
|
systemd:
|
||||||
|
name: "{{ nsd_service_name }}"
|
||||||
|
enabled: yes
|
||||||
|
state: restarted
|
||||||
|
|
||||||
- name: notify slaves
|
- name: notify slaves
|
||||||
command: "{{ nsd_control_program }} notify"
|
command: "{{ nsd_control_program }} notify"
|
||||||
|
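Review bot: `enabled: yes` on the `restart nsd` handler ties boot-time enablement to a handler that only runs when some task notifies it, so a host whose configuration is already in place never gets the unit enabled by this role. Enabling the service reads better as its own task, leaving the handler with only `name: "{{ nsd_service_name }}"` and `state: restarted`. Writing the boolean as `enabled: true` would also match the `enabled: false` used for systemd-resolved elsewhere in this commit. Replacing `service` with `systemd` drops non-systemd targets, which deserves a line in the README if it is intentional.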
@ -1,33 +1,93 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Install nsd
|
- name: Ensure resolved stays down
|
||||||
apt: pkg={{ nsd_pkg_name }} state=present
|
systemd:
|
||||||
|
enabled: false
|
||||||
|
state: stopped
|
||||||
|
masked: yes
|
||||||
|
name: systemd-resolved
|
||||||
|
|
||||||
- name: Create primary zone directory
|
- name: Create primary zone directory
|
||||||
file: path="{{ nsd_primary_zones_dir }}" state=directory owner=root group=root mode=0755
|
file:
|
||||||
|
path: "{{ nsd_primary_zones_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0711
|
||||||
|
|
||||||
|
- name: Create control dir
|
||||||
|
file:
|
||||||
|
path: /etc/nsd/control
|
||||||
|
state: directory
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Create subdirectories
|
||||||
|
file:
|
||||||
|
path: "{{ nsd_primary_zones_dir }}/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0700
|
||||||
|
when: nsd_zone_subdirs is defined
|
||||||
|
loop: "{{ nsd_zone_subdirs }}"
|
||||||
|
|
||||||
- name: Create secondary zone directory
|
- name: Create secondary zone directory
|
||||||
file: path="{{ nsd_secondary_zones_dir }}" state=directory owner=nsd group=nsd mode=0755
|
file:
|
||||||
|
path: "{{ nsd_secondary_zones_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Configure nsd zones
|
- name: Configure nsd zones
|
||||||
template: src=zones_config.j2 dest="{{ nsd_zones_config_file }}" owner=root group=root mode=0644 validate='nsd-checkconf %s'
|
template:
|
||||||
notify:
|
src: zones_config.j2
|
||||||
- rebuild nsd database
|
dest: "{{ nsd_zones_config_file }}"
|
||||||
- reload nsd database
|
owner: nsd
|
||||||
- restart nsd
|
group: nsd
|
||||||
|
mode: 0600
|
||||||
|
validate: 'nsd-checkconf %s'
|
||||||
|
|
||||||
- name: Create base nsd configuration file
|
- name: Create base nsd configuration file
|
||||||
template: src=config.j2 dest="{{ nsd_config_dir }}/nsd.conf" owner=root group=root mode=0644 validate='nsd-checkconf %s'
|
template:
|
||||||
|
src: config.j2
|
||||||
|
dest: "{{ nsd_config_dir }}/nsd.conf"
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0644
|
||||||
|
validate: 'nsd-checkconf %s'
|
||||||
notify:
|
notify:
|
||||||
- restart nsd
|
- restart nsd
|
||||||
|
|
||||||
|
- name: Copy content of subdirs
|
||||||
|
copy:
|
||||||
|
src: '{{ playbook_dir }}/files/nsd/{{ item }}'
|
||||||
|
dest: "{{ nsd_primary_zones_dir }}"
|
||||||
|
owner: nsd
|
||||||
|
group: nsd
|
||||||
|
mode: 0600
|
||||||
|
directory_mode: 0711
|
||||||
|
when: nsd_zone_subdirs is defined
|
||||||
|
loop: "{{ nsd_zone_subdirs }}"
|
||||||
|
|
||||||
- name: Copy content of primary zones
|
- name: Copy content of primary zones
|
||||||
copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644
|
copy:
|
||||||
|
src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"
|
||||||
|
dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
with_items: "{{ nsd_primary_zones }}"
|
with_items: "{{ nsd_primary_zones }}"
|
||||||
notify:
|
notify:
|
||||||
- rebuild nsd database
|
- rebuild nsd database
|
||||||
- reload nsd database
|
- reload nsd database
|
||||||
- notify slaves
|
- notify slaves
|
||||||
|
|
||||||
|
- name: Add dnssec renewal crons
|
||||||
|
cron:
|
||||||
|
special_time: monthly
|
||||||
|
user: nsd
|
||||||
|
job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"
|
||||||
|
loop: "{{ nsd_zone_subdirs }}"
|
||||||
|
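Review bot: The two templated configuration files move from `owner=root group=root` to `owner: nsd` / `group: nsd` (the zones config at `mode: 0600`, `nsd.conf` at `mode: 0644`), which makes the daemon's configuration writable by the account the daemon presumably runs as. A compromised server process could then rewrite its own configuration, including the new remote-control settings. Keeping `owner: root` with `group: nsd` and `mode: 0640` would let nsd read the files without being able to modify them. The new `Add dnssec renewal crons` task loops over `nsd_zone_subdirs` without the `when: nsd_zone_subdirs is defined` guard the other two loops carry, and it has no `name:` for the cron module to match an existing entry on re-runs; adding the guard and `name: "dnssec renewal {{ item }}"` would cover both. The rendering also suggests that `Install nsd` and the `notify:` list on `Configure nsd zones` are absent on the new side, which should be confirmed, since zone-config changes would then no longer trigger a reload.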
@ -20,6 +20,13 @@ server:
|
|||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if nsd_remote_control is defined %}
|
||||||
|
remote-control:
|
||||||
|
{% for key, value in nsd_remote_control.items() -%}
|
||||||
|
{{ expand_list(key, value) }}
|
||||||
|
{%- endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if nsd_local_server_config is defined %}
|
{% if nsd_local_server_config is defined %}
|
||||||
# Local configuration
|
# Local configuration
|
||||||
{% for key, value in nsd_local_server_config.items() -%}
|
{% for key, value in nsd_local_server_config.items() -%}
|
||||||
|
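Review bot: The new `remote-control:` block writes every key in `nsd_remote_control` straight into the configuration, and nothing visible in the role sets a safe default or checks where the control channel listens. A comment above the block, for example `# remote-control: keep control-interface on loopback unless the key/cert files in the control directory are deployed`, plus a matching README line, would tell users what the dictionary is expected to hold. The block is also emitted when the dictionary is defined but empty, so `{% if nsd_remote_control is defined and nsd_remote_control %}` would avoid a bare section header. `expand_list` and the rest of the template lie outside this hunk, so how list values are rendered cannot be checked from here.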