diff --git a/tasks/main.yml b/tasks/main.yml index 6e18ef7..36d0ba3 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,14 +3,6 @@ - name: Install nsd3 apt: pkg=nsd3 state=present -- name: Configure nsd3 - template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644 - notify: - - restart nsd3 - - -- name: Create zone configuration directory - file: path={{ zones_config_dir }} state=directory owner=root group=root mode=0755 - name: Create primary zone directory file: path={{ primary_zones_dir }} state=directory owner=root group=root mode=0755 @@ -18,69 +10,22 @@ - name: Create secondary zone directory file: path={{ secondary_zones_dir }} state=directory owner=nsd group=nsd mode=0755 -- name: Create keys directory - file: path={{ keys_config_dir }} state=directory owner=root group=root mode=0755 - -# Unfortunately, nsd doesn't allow to say "include all files in this directory". -# The following implements the inclusion logic: the main config file includes -# a secondary file, in which we add include statements for each zone. -- name: Wipe include file - copy: dest={{ zones_include_file }} content="# Generated automatically by Ansible, do not edit by hand.\n" - -- name: Configure primary nsd3 zones - template: src=primary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.primary.conf" owner=root group=root mode=0644 - notify: - - restart nsd3 - with_items: "{{ nsd_primary_zones }}" - -- name: Add include lines for primary zones to the include file - lineinfile: - state: present - dest: "{{ zones_include_file }}" - regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf" - line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf" - with_items: "{{ nsd_primary_zones }}" +- name: Create base nsd3 configuration file + template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644 notify: - restart nsd3 -- name: Copy primary nsd3 zones +- name: Configure nsd3 zones + template: src=zones_config.j2 dest={{ zones_config_file }} owner=root group=root mode=0644 + notify: + - rebuild nsd3 database + - restart nsd3 + + +- name: Copy content of primary nsd3 zones copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644 with_items: "{{ nsd_primary_zones }}" notify: - rebuild nsd3 database - notify slaves - - -- name: Configure secondary nsd3 zones - template: src=secondary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf" owner=root group=root mode=0644 - notify: - - restart nsd3 - with_items: "{{ nsd_secondary_zones }}" - -- name: Add include lines for secondary zones to the include file - lineinfile: - state: present - dest: "{{ zones_include_file }}" - regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf" - line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf" - with_items: "{{ nsd_secondary_zones }}" - notify: - - restart nsd3 - - -- name: Configure TSIG keys - template: src=tsigkey_config.j2 dest="{{ keys_config_dir }}/{{ item.tsig_keyname }}.conf" owner=root group=root mode=0644 - notify: - - restart nsd3 - with_items: "{{ nsd_tsig_keys }}" - -- name: Add include lines for TSIG keys - lineinfile: - state: present - dest: "{{ zones_include_file }}" - regexp: "^include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf" - line: "include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf" - with_items: "{{ nsd_tsig_keys }}" - notify: - - restart nsd3 diff --git a/templates/config.j2 b/templates/config.j2 index 0717c95..777f7ed 100644 --- a/templates/config.j2 +++ b/templates/config.j2 @@ -26,5 +26,5 @@ server: # Include zone definitions -include: "{{ zones_include_file }}" +include: "{{ zones_config_file }}" diff --git a/templates/primary_zone_config.j2 b/templates/primary_zone_config.j2 deleted file mode 100644 index 5fef8f4..0000000 --- a/templates/primary_zone_config.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Primary zone definition for {{ item.zone_name }} -zone: - name: "{{ item.zone_name }}" - zonefile: "{{ primary_zones_dir }}/{{ item.zone_filename }}" -{% for slave in item.slaves|default([]) %} - notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}" - provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}" -{% endfor %} - diff --git a/templates/secondary_zone_config.j2 b/templates/secondary_zone_config.j2 deleted file mode 100644 index ffc1a86..0000000 --- a/templates/secondary_zone_config.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Secondary zone definition for {{ item.zone_name }} -zone: - name: "{{ item.zone_name }}" - zonefile: "{{ secondary_zones_dir }}/{{ item.zone_name }}" -{% for master in item.masters|default([]) %} - allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}" - request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}" -{% endfor %} - diff --git a/templates/zones_config.j2 b/templates/zones_config.j2 new file mode 100644 index 0000000..b492493 --- /dev/null +++ b/templates/zones_config.j2 @@ -0,0 +1,44 @@ +# NSD configuration, automatically generated by Ansible. +# Do not edit by hand! +# +# This file is included by the main configuration file, and contains +# definitions for all zones (primary and secondary) and TSIG keys. + +## TSIG keys ## +{% for key in nsd_tsig_keys|default([]) %} +key: + name: "{{ key.tsig_keyname }}" + secret: "{{ key.tsig_secret }}" + algorithm: "{{ key.tsig_algorithm }}" + +{% endfor %} + + +## Primary zones ## + +{% for zone in nsd_primary_zones|default([]) %} +# Primary zone definition for {{ zone.zone_name }} +zone: + name: "{{ zone.zone_name }}" + zonefile: "{{ primary_zones_dir }}/{{ zone.zone_filename }}" +{% for slave in zone.slaves|default([]) %} + notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}" + provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}" +{% endfor %} + +{% endfor %} + + +## Secondary zones ## + +{% for zone in nsd_secondary_zones|default([]) %} +# Secondary zone definition for {{ zone.zone_name }} +zone: + name: "{{ zone.zone_name }}" + zonefile: "{{ secondary_zones_dir }}/{{ zone.zone_name }}" +{% for master in zone.masters|default([]) %} + allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}" + request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}" +{% endfor %} + +{% endfor %}