bind: variable chroot path

This commit is contained in:
Jérémy Lecour 2017-04-06 11:18:35 +02:00 committed by Jérémy Lecour
parent 36b7efd5e4
commit 6cf4de3da8
2 changed files with 33 additions and 33 deletions


@ -1,2 +1,3 @@
--- ---
bind_systemd_service_path: /etc/systemd/system/bind9.service bind_systemd_service_path: /etc/systemd/system/bind9.service
bind_chroot_root: /var/chroot-bind
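Review bot: The new default `bind_chroot_root` carries no documentation, yet every task in the second file builds paths by appending `/etc/`, `/{{ item }}`, `/usr/sbin/` to it and one task ends in `chown -R bind:bind {{ bind_chroot_root }}/`, so the value's shape matters. A comment above it along the lines of `# Absolute path of the chroot; no trailing slash, and it must not be empty (the role runs mv/chown -R on it)` would make the contract explicit to anyone overriding it. It may also be worth noting that overriding the value on a host that was already provisioned does not relocate an existing chroot, since the "Move /etc/bind in chroot" task appears to run only while /etc/bind is not yet a symlink.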


@ -7,7 +7,7 @@
replace: replace:
dest: /etc/default/bind9 dest: /etc/default/bind9
regexp: '^OPTIONS.*' regexp: '^OPTIONS.*'
replace: 'OPTIONS="-u bind -t /var/chroot-bind"' replace: 'OPTIONS="-u bind -t {{ bind_chroot_root }}"'
- name: Create systemd service - name: Create systemd service
file: file:
@ -26,36 +26,35 @@
Description=BIND Domain Name Server Description=BIND Domain Name Server
Documentation=man:named(8) Documentation=man:named(8)
After=network.target After=network.target
[Service] [Service]
EnvironmentFile=-/etc/default/bind9 EnvironmentFile=-/etc/default/bind9
ExecStart=/usr/sbin/named -f $OPTIONS ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop ExecStop=/usr/sbin/rndc stop
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
when: create_bind_systemd | changed when: create_bind_systemd | changed
- name: Create directories - name: Create directories
file: file:
path: "/var/{{ item }}" path: "{{ bind_chroot_root }}/{{ item }}"
state: directory state: directory
owner: bind owner: bind
group: bind group: bind
mode: "0700" mode: "0700"
recurse: yes recurse: yes
with_items: with_items:
- chroot-bind - bin
- chroot-bind/bin - dev
- chroot-bind/dev - etc
- chroot-bind/etc - lib
- chroot-bind/lib - usr/lib
- chroot-bind/usr/lib - usr/sbin
- chroot-bind/usr/sbin - var/cache/bind
- chroot-bind/var/cache/bind - var/log
- chroot-bind/var/log - var/run/bind/run
- chroot-bind/var/run/bind/run
register: create_bind_dir register: create_bind_dir
- name: Stat /etc/bind - name: Stat /etc/bind
@ -63,19 +62,19 @@
path: "/etc/bind" path: "/etc/bind"
register: bind_stat register: bind_stat
- name: Move bind to /var/chroot-bind/etc/ - name: Move /etc/bind in chroot
command: mv /etc/bind/ /var/chroot-bind/etc/ command: "mv /etc/bind/ {{ bind_chroot_root }}/etc/"
when: bind_stat.stat.exists and not bind_stat.stat.islnk when: bind_stat.stat.exists and not bind_stat.stat.islnk
- name: Create symlink - name: Create symlink
file: file:
src: "/var/chroot-bind/etc/bind" src: "{{ bind_chroot_root }}/etc/bind"
dest: "/etc/bind" dest: "/etc/bind"
state: link state: link
- name: Create log file - name: Create log file
file: file:
path: /var/chroot-bind/var/log/bind.log path: "{{ bind_chroot_root }}/var/log/bind.log"
state: touch state: touch
mode: "0640" mode: "0640"
owner: bind owner: bind
@ -83,7 +82,7 @@
- name: Create log symlink - name: Create log symlink
file: file:
src: "/var/chroot-bind/var/log/bind.log" src: "{{ bind_chroot_root }}/var/log/bind.log"
dest: "/var/log/bind.log" dest: "/var/log/bind.log"
state: link state: link
@ -96,15 +95,15 @@
mode: "0770" mode: "0770"
recurse: yes recurse: yes
- name: Stat /var/chroot-bind/var/run/bind/run/named - name: "Stat var/run/bind/run/named in chroot"
stat: stat:
path: "/var/chroot-bind/var/run/bind/run/named" path: "{{ bind_chroot_root }}/var/run/bind/run/named"
register: named_run register: named_run
- name: Clean /var/chroot-bind/var/run/bind/run/named - name: "Clean var/run/bind/run/named in chroot"
file: file:
state: absent state: absent
path: "/var/chroot-bind/var/run/bind/run/named" path: "{{ bind_chroot_root }}/var/run/bind/run/named"
when: named_run.stat.isdir when: named_run.stat.isdir
- name: Clean /var/run/bind/run/named.pid - name: Clean /var/run/bind/run/named.pid
@ -119,7 +118,7 @@
register: named_pid register: named_pid
- name: Cat pid content - name: Cat pid content
command: cat /var/run/bind/run/named.pid > /var/chroot-bind/var/run/bind/run/named.pid command: cat /var/run/bind/run/named.pid > {{ bind_chroot_root }}/var/run/bind/run/named.pid
when: named_pid.stat.isreg == True and not named_pid.stat.islnk when: named_pid.stat.isreg == True and not named_pid.stat.islnk
- name: Clean /var/run/bind/run/named.pid - name: Clean /var/run/bind/run/named.pid
@ -134,31 +133,31 @@
path: "/var/run/bind/run/named.pid" path: "/var/run/bind/run/named.pid"
when: not named_pid.stat.islnk when: not named_pid.stat.islnk
- name: Create pid symlink - name: Create pid symlink in chroot
file: file:
src: "/var/chroot-bind/var/run/bind/run/named.pid" src: "{{ bind_chroot_root }}/var/run/bind/run/named.pid"
dest: "/var/run/bind/run/named.pid" dest: "/var/run/bind/run/named.pid"
state: link state: link
when: not named_pid.stat.islnk when: not named_pid.stat.islnk
- name: Stat /var/chroot-bind/dev/random - name: "Stat dev/random in chroot"
stat: stat:
path: "/var/chroot-bind/dev/random" path: "{{ bind_chroot_root }}/dev/random"
register: named_random register: named_random
- name: mknod /var/chroot-bind/dev/random - name: mknod dev/random in chroot
command: mknod /var/chroot-bind/dev/random c 1 3; chmod 666 /var/chroot-bind/dev/random command: mknod {{ bind_chroot_root }}/dev/random c 1 3; chmod 666 {{ bind_chroot_root }}/dev/random
when: not named_random.stat.exists when: not named_random.stat.exists
- name: Copy essential libs - name: Copy essential libs
command: for i in `ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1` /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so; do install -D $i /var/chroot-bind/${i##/} done command: for i in `ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1` /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so; do install -D $i {{ bind_chroot_root }}/${i##/} done
when: create_bind_dir | changed when: create_bind_dir | changed
- name: Copy bind - name: Copy bind
copy: copy:
src: /usr/sbin/named src: /usr/sbin/named
dest: /var/chroot-bind/usr/sbin/ dest: {{ bind_chroot_root }}/usr/sbin/
remote_src: True remote_src: True
- name: Set the good rights - name: Set the good rights
command: chown -R bind:bind /var/chroot-bind/ command: chown -R bind:bind {{ bind_chroot_root }}/
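Review bot: The "Copy bind" task's new `dest: {{ bind_chroot_root }}/usr/sbin/` is an unquoted scalar that starts with `{{`, which YAML reads as the opening of a flow mapping, so this file stops parsing before any task runs; it should be `dest: "{{ bind_chroot_root }}/usr/sbin/"`, matching the quoting used on the other templated `path:`/`src:` values in this commit. The templated `command:` lines for the pid copy, the mknod/chmod pair and the libs loop still rely on `>`, `;` and backticks, which the command module does not hand to a shell; that predates this commit, but since the lines are rewritten here anyway, `shell:` (with `; done` closing the for-loop) is what lets the new paths take effect. Now that the root is a variable, an empty or unset override turns the last task into `chown -R bind:bind /` and the mv/symlink tasks into writes under `/`; a short `assert` task checking `bind_chroot_root` is a non-empty absolute path before "Create directories" would close that off cheaply.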