Add my changes

Mathieu Pasquet 2021-01-04 22:34:08 +01:00
parent 215507e048
commit 547928426b
4 changed files with 96 additions and 15 deletions


@ -1,4 +1,15 @@
# Ansible role for NSD # This is a modified version of "Ansible role for NSD"
Original source: https://github.com/zorun/ansible-role-nsd/
I have made several changes to fit my usecase (essentially remote control and dnssec specificities, as well as some cosmetic changes).
Changes: added two new dictionaries:
* **nsd_remote_control** for remote controllong options in the config file
* **nsd_zone_subdirs** to transfer whole subdirectories (I expect each one to contain a source.sh script which signs dnssec, installed as a cron)
----
This Ansible role installs and configure NSD, an authoritative DNS server. This Ansible role installs and configure NSD, an authoritative DNS server.
It also allows to publish DNS zones into NSD. It also allows to publish DNS zones into NSD.


@ -12,7 +12,10 @@
command: "{{ nsd_control_program }} reload" command: "{{ nsd_control_program }} reload"
- name: restart nsd - name: restart nsd
service: name={{ nsd_service_name }} state=restarted systemd:
name: "{{ nsd_service_name }}"
enabled: yes
state: restarted
- name: notify slaves - name: notify slaves
command: "{{ nsd_control_program }} notify" command: "{{ nsd_control_program }} notify"
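Review bot: `enabled: yes` on the `restart nsd` handler only takes effect when something notifies the handler, so a host whose configuration never changes is never enabled at boot. Enabling belongs in a regular task, leaving the handler with `state: restarted` only. Moving from `service` to `systemd` also ties the role to systemd hosts, which the old one-line form did not. If the boolean stays, write it as `enabled: true` to match the `enabled: false` used in the tasks file.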


@ -1,33 +1,93 @@
--- ---
- name: Install nsd - name: Ensure resolved stays down
apt: pkg={{ nsd_pkg_name }} state=present systemd:
enabled: false
state: stopped
masked: yes
name: systemd-resolved
- name: Create primary zone directory - name: Create primary zone directory
file: path="{{ nsd_primary_zones_dir }}" state=directory owner=root group=root mode=0755 file:
path: "{{ nsd_primary_zones_dir }}"
state: directory
owner: nsd
group: nsd
mode: 0711
- name: Create control dir
file:
path: /etc/nsd/control
state: directory
owner: nsd
group: nsd
mode: 0700
- name: Create subdirectories
file:
path: "{{ nsd_primary_zones_dir }}/{{ item }}"
state: directory
owner: nsd
group: nsd
mode: 0700
when: nsd_zone_subdirs is defined
loop: "{{ nsd_zone_subdirs }}"
- name: Create secondary zone directory - name: Create secondary zone directory
file: path="{{ nsd_secondary_zones_dir }}" state=directory owner=nsd group=nsd mode=0755 file:
path: "{{ nsd_secondary_zones_dir }}"
state: directory
owner: nsd
group: nsd
mode: 0755
- name: Configure nsd zones - name: Configure nsd zones
template: src=zones_config.j2 dest="{{ nsd_zones_config_file }}" owner=root group=root mode=0644 validate='nsd-checkconf %s' template:
notify: src: zones_config.j2
- rebuild nsd database dest: "{{ nsd_zones_config_file }}"
- reload nsd database owner: nsd
- restart nsd group: nsd
mode: 0600
validate: 'nsd-checkconf %s'
- name: Create base nsd configuration file - name: Create base nsd configuration file
template: src=config.j2 dest="{{ nsd_config_dir }}/nsd.conf" owner=root group=root mode=0644 validate='nsd-checkconf %s' template:
src: config.j2
dest: "{{ nsd_config_dir }}/nsd.conf"
owner: nsd
group: nsd
mode: 0644
validate: 'nsd-checkconf %s'
notify: notify:
- restart nsd - restart nsd
- name: Copy content of subdirs
copy:
src: '{{ playbook_dir }}/files/nsd/{{ item }}'
dest: "{{ nsd_primary_zones_dir }}"
owner: nsd
group: nsd
mode: 0600
directory_mode: 0711
when: nsd_zone_subdirs is defined
loop: "{{ nsd_zone_subdirs }}"
- name: Copy content of primary zones - name: Copy content of primary zones
copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644 copy:
src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"
dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"
owner: root
group: root
mode: 0644
with_items: "{{ nsd_primary_zones }}" with_items: "{{ nsd_primary_zones }}"
notify: notify:
- rebuild nsd database - rebuild nsd database
- reload nsd database - reload nsd database
- notify slaves - notify slaves
- name: Add dnssec renewal crons
cron:
special_time: monthly
user: nsd
job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"
loop: "{{ nsd_zone_subdirs }}"
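Review bot: Both template tasks, the control directory and the zone subdirectories are now owned by `nsd`, so if the daemon runs under that account (not visible in this file) a compromised server process can rewrite `nsd.conf`, the zones config and the `source.sh` that the new cron task runs. The removed lines kept the config files root-owned; `owner: root`, `group: nsd`, `mode: "0640"` keeps them readable by the service and hidden from other users without making them writable by it. The cron task also lacks the `when: nsd_zone_subdirs is defined` guard that the other two loops have, and it has no `name:`, which the cron module uses to find an existing entry, so repeated runs may add duplicate lines. Quoting the modes (`"0711"`, `"0600"`) avoids depending on how the YAML parser reads a leading zero.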


@ -20,6 +20,13 @@ server:
{%- endfor %} {%- endfor %}
{% endif %} {% endif %}
{% if nsd_remote_control is defined %}
remote-control:
{% for key, value in nsd_remote_control.items() -%}
{{ expand_list(key, value) }}
{%- endfor %}
{% endif %}
{% if nsd_local_server_config is defined %} {% if nsd_local_server_config is defined %}
# Local configuration # Local configuration
{% for key, value in nsd_local_server_config.items() -%} {% for key, value in nsd_local_server_config.items() -%}
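Review bot: The new `remote-control:` block has no comment, while the sibling block below carries `# Local configuration`, and it writes every key of `nsd_remote_control` into the file as given. A line such as `# Remote control (nsd-control); keep control-interface on loopback unless the control keys are deployed` above `remote-control:` would document the one setting that changes network exposure. `expand_list` is defined outside this hunk, so how list values are rendered cannot be checked here, and the local-configuration block continues past the hunk's last line.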