NSD: Simplify configuration to use only one file for all zones, instead of many includes

This also allows the playbook to be idempotent.

tasks/main.yml

@@ -3,14 +3,6 @@
 - name: Install nsd3
   apt: pkg=nsd3 state=present
 
-- name: Configure nsd3
-  template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644
-  notify:
-    - restart nsd3
-
-
-- name: Create zone configuration directory
-  file: path={{ zones_config_dir }} state=directory owner=root group=root mode=0755
 
 - name: Create primary zone directory
   file: path={{ primary_zones_dir }} state=directory owner=root group=root mode=0755
@@ -18,69 +10,22 @@
 - name: Create secondary zone directory
   file: path={{ secondary_zones_dir }} state=directory owner=nsd group=nsd mode=0755
 
-- name: Create keys directory
-  file: path={{ keys_config_dir }} state=directory owner=root group=root mode=0755
 
-
-# Unfortunately, nsd doesn't allow to say "include all files in this directory".
-# The following implements the inclusion logic: the main config file includes
-# a secondary file, in which we add include statements for each zone.
-- name: Wipe include file
-  copy: dest={{ zones_include_file }} content="# Generated automatically by Ansible, do not edit by hand.\n"
-
-- name: Configure primary nsd3 zones
-  template: src=primary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.primary.conf" owner=root group=root mode=0644
-  notify:
-    - restart nsd3
-  with_items: "{{ nsd_primary_zones }}"
-
-- name: Add include lines for primary zones to the include file
-  lineinfile:
-    state: present
-    dest: "{{ zones_include_file }}"
-    regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf"
-    line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf"
-  with_items: "{{ nsd_primary_zones }}"
+- name: Create base nsd3 configuration file
+  template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644
   notify:
     - restart nsd3
 
-- name: Copy primary nsd3 zones
+- name: Configure nsd3 zones
+  template: src=zones_config.j2 dest={{ zones_config_file }} owner=root group=root mode=0644
+  notify:
+    - rebuild nsd3 database
+    - restart nsd3
+
+
+- name: Copy content of primary nsd3 zones
   copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644
   with_items: "{{ nsd_primary_zones }}"
   notify:
     - rebuild nsd3 database
     - notify slaves
-
-
-- name: Configure secondary nsd3 zones
-  template: src=secondary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf" owner=root group=root mode=0644
-  notify:
-    - restart nsd3
-  with_items: "{{ nsd_secondary_zones }}"
-
-- name: Add include lines for secondary zones to the include file
-  lineinfile:
-    state: present
-    dest: "{{ zones_include_file }}"
-    regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf"
-    line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf"
-  with_items: "{{ nsd_secondary_zones }}"
-  notify:
-    - restart nsd3
-
-
-- name: Configure TSIG keys
-  template: src=tsigkey_config.j2 dest="{{ keys_config_dir }}/{{ item.tsig_keyname }}.conf" owner=root group=root mode=0644
-  notify:
-    - restart nsd3
-  with_items: "{{ nsd_tsig_keys }}"
-
-- name: Add include lines for TSIG keys
-  lineinfile:
-    state: present
-    dest: "{{ zones_include_file }}"
-    regexp: "^include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf"
-    line: "include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf"
-  with_items: "{{ nsd_tsig_keys }}"
-  notify:
-    - restart nsd3

templates/config.j2

@@ -26,5 +26,5 @@ server:
 
 
 # Include zone definitions
-include: "{{ zones_include_file }}"
+include: "{{ zones_config_file }}"
 

templates/primary_zone_config.j2

@@ -1,9 +0,0 @@
-# Primary zone definition for {{ item.zone_name }}
-zone:
-  name: "{{ item.zone_name }}"
-  zonefile: "{{ primary_zones_dir }}/{{ item.zone_filename }}"
-{% for slave in item.slaves|default([]) %}
-  notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
-  provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
-{% endfor %}
-

templates/secondary_zone_config.j2

@@ -1,9 +0,0 @@
-# Secondary zone definition for {{ item.zone_name }}
-zone:
-  name: "{{ item.zone_name }}"
-  zonefile: "{{ secondary_zones_dir }}/{{ item.zone_name }}"
-{% for master in item.masters|default([]) %}
-  allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
-  request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
-{% endfor %}
-

templates/zones_config.j2

@@ -0,0 +1,44 @@
+# NSD configuration, automatically generated by Ansible.
+# Do not edit by hand!
+#
+# This file is included by the main configuration file, and contains
+# definitions for all zones (primary and secondary) and TSIG keys.
+
+## TSIG keys ##
+{% for key in nsd_tsig_keys|default([]) %}
+key:
+    name: "{{ key.tsig_keyname }}"
+    secret: "{{ key.tsig_secret }}"
+    algorithm: "{{ key.tsig_algorithm }}"
+
+{% endfor %}
+
+
+## Primary zones ##
+
+{% for zone in nsd_primary_zones|default([]) %}
+# Primary zone definition for {{ zone.zone_name }}
+zone:
+  name: "{{ zone.zone_name }}"
+  zonefile: "{{ primary_zones_dir }}/{{ zone.zone_filename }}"
+{% for slave in zone.slaves|default([]) %}
+  notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
+  provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
+{% endfor %}
+
+{% endfor %}
+
+
+## Secondary zones ##
+
+{% for zone in nsd_secondary_zones|default([]) %}
+# Secondary zone definition for {{ zone.zone_name }}
+zone:
+  name: "{{ zone.zone_name }}"
+  zonefile: "{{ secondary_zones_dir }}/{{ zone.zone_name }}"
+{% for master in zone.masters|default([]) %}
+  allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
+  request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
+{% endfor %}
+
+{% endfor %}