NSD: Simplify configuration to use only one file for all zones, instead of many includes

This also allows the playbook to be idempotent.
Baptiste Jonglez 2016-03-27 17:39:55 +02:00
parent 99a1b418f1
commit eef721d276
5 changed files with 55 additions and 84 deletions


@ -3,14 +3,6 @@
- name: Install nsd3 - name: Install nsd3
apt: pkg=nsd3 state=present apt: pkg=nsd3 state=present
- name: Configure nsd3
template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644
notify:
- restart nsd3
- name: Create zone configuration directory
file: path={{ zones_config_dir }} state=directory owner=root group=root mode=0755
- name: Create primary zone directory - name: Create primary zone directory
file: path={{ primary_zones_dir }} state=directory owner=root group=root mode=0755 file: path={{ primary_zones_dir }} state=directory owner=root group=root mode=0755
@ -18,69 +10,22 @@
- name: Create secondary zone directory - name: Create secondary zone directory
file: path={{ secondary_zones_dir }} state=directory owner=nsd group=nsd mode=0755 file: path={{ secondary_zones_dir }} state=directory owner=nsd group=nsd mode=0755
- name: Create keys directory
file: path={{ keys_config_dir }} state=directory owner=root group=root mode=0755
- name: Create base nsd3 configuration file
# Unfortunately, nsd doesn't allow to say "include all files in this directory". template: src=config.j2 dest={{ nsd_config_dir }}/nsd.conf owner=root group=root mode=0644
# The following implements the inclusion logic: the main config file includes
# a secondary file, in which we add include statements for each zone.
- name: Wipe include file
copy: dest={{ zones_include_file }} content="# Generated automatically by Ansible, do not edit by hand.\n"
- name: Configure primary nsd3 zones
template: src=primary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.primary.conf" owner=root group=root mode=0644
notify:
- restart nsd3
with_items: "{{ nsd_primary_zones }}"
- name: Add include lines for primary zones to the include file
lineinfile:
state: present
dest: "{{ zones_include_file }}"
regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf"
line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.primary.conf"
with_items: "{{ nsd_primary_zones }}"
notify: notify:
- restart nsd3 - restart nsd3
- name: Copy primary nsd3 zones - name: Configure nsd3 zones
template: src=zones_config.j2 dest={{ zones_config_file }} owner=root group=root mode=0644
notify:
- rebuild nsd3 database
- restart nsd3
- name: Copy content of primary nsd3 zones
copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644 copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644
with_items: "{{ nsd_primary_zones }}" with_items: "{{ nsd_primary_zones }}"
notify: notify:
- rebuild nsd3 database - rebuild nsd3 database
- notify slaves - notify slaves
- name: Configure secondary nsd3 zones
template: src=secondary_zone_config.j2 dest="{{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf" owner=root group=root mode=0644
notify:
- restart nsd3
with_items: "{{ nsd_secondary_zones }}"
- name: Add include lines for secondary zones to the include file
lineinfile:
state: present
dest: "{{ zones_include_file }}"
regexp: "^include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf"
line: "include: {{ zones_config_dir }}/{{ item.zone_name }}.secondary.conf"
with_items: "{{ nsd_secondary_zones }}"
notify:
- restart nsd3
- name: Configure TSIG keys
template: src=tsigkey_config.j2 dest="{{ keys_config_dir }}/{{ item.tsig_keyname }}.conf" owner=root group=root mode=0644
notify:
- restart nsd3
with_items: "{{ nsd_tsig_keys }}"
- name: Add include lines for TSIG keys
lineinfile:
state: present
dest: "{{ zones_include_file }}"
regexp: "^include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf"
line: "include: {{ keys_config_dir }}/{{ item.tsig_keyname }}.conf"
with_items: "{{ nsd_tsig_keys }}"
notify:
- restart nsd3
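Review bot: The new `Configure nsd3 zones` task writes `{{ zones_config_file }}` with `owner=root group=root mode=0644`, and the zones_config.j2 template added in this commit renders every `tsig_secret` into that file, so any local account on the name server can read the TSIG keys. I would tighten it to `owner=root group=nsd mode=0640` (the `nsd` group is already used for the secondary zone directory), after confirming that the daemon can still read the file on reload. The removed `Configure TSIG keys` task also wrote its per-key files under `{{ keys_config_dir }}` as 0644, and nothing in the new tasks deletes them, so hosts that already ran the old role presumably keep world-readable copies of the secrets. A cleanup task along the lines of `file: path={{ keys_config_dir }} state=absent`, and the same for `{{ zones_config_dir }}`, would cover that migration.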


@ -26,5 +26,5 @@ server:
# Include zone definitions # Include zone definitions
include: "{{ zones_include_file }}" include: "{{ zones_config_file }}"


@ -1,9 +0,0 @@
# Primary zone definition for {{ item.zone_name }}
zone:
name: "{{ item.zone_name }}"
zonefile: "{{ primary_zones_dir }}/{{ item.zone_filename }}"
{% for slave in item.slaves|default([]) %}
notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
{% endfor %}


@ -1,9 +0,0 @@
# Secondary zone definition for {{ item.zone_name }}
zone:
name: "{{ item.zone_name }}"
zonefile: "{{ secondary_zones_dir }}/{{ item.zone_name }}"
{% for master in item.masters|default([]) %}
allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
{% endfor %}

44
templates/zones_config.j2 Normal file

@ -0,0 +1,44 @@
# NSD configuration, automatically generated by Ansible.
# Do not edit by hand!
#
# This file is included by the main configuration file, and contains
# definitions for all zones (primary and secondary) and TSIG keys.
## TSIG keys ##
{% for key in nsd_tsig_keys|default([]) %}
key:
name: "{{ key.tsig_keyname }}"
secret: "{{ key.tsig_secret }}"
algorithm: "{{ key.tsig_algorithm }}"
{% endfor %}
## Primary zones ##
{% for zone in nsd_primary_zones|default([]) %}
# Primary zone definition for {{ zone.zone_name }}
zone:
name: "{{ zone.zone_name }}"
zonefile: "{{ primary_zones_dir }}/{{ zone.zone_filename }}"
{% for slave in zone.slaves|default([]) %}
notify: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
provide-xfr: {{ slave.ip }} "{{ slave.tsig_key|default('NOKEY') }}"
{% endfor %}
{% endfor %}
## Secondary zones ##
{% for zone in nsd_secondary_zones|default([]) %}
# Secondary zone definition for {{ zone.zone_name }}
zone:
name: "{{ zone.zone_name }}"
zonefile: "{{ secondary_zones_dir }}/{{ zone.zone_name }}"
{% for master in zone.masters|default([]) %}
allow-notify: {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
request-xfr: AXFR {{ master.ip }} "{{ master.tsig_key|default('NOKEY') }}"
{% endfor %}
{% endfor %}
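Review bot: In both zone loops the `|default('NOKEY')` filter on `slave.tsig_key` and `master.tsig_key` makes unauthenticated transfer the silent fallback: a peer entry that omits the attribute renders as `provide-xfr: <ip> "NOKEY"` or `request-xfr: AXFR <ip> "NOKEY"`, leaving the transfer gated by source address only. I would drop the default on the four lines, e.g. `provide-xfr: {{ slave.ip }} "{{ slave.tsig_key }}"`, so that a missing key fails the template render under Ansible's default undefined-variable handling and `NOKEY` has to be written explicitly in the inventory. If the fallback is intentional (the removed per-zone templates had it too), a comment such as `# NOKEY = no TSIG, access is by source IP only` above each inner loop would make that visible to whoever edits the zone lists.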