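# Install bind9 and run named inside a chroot at {{ bind_chroot_root }}.
# Variables used: bind_chroot_root, bind_systemd_service_path.

- name: Ensure bind9 installed
  apt:
    name: bind9
    state: present

# named drops to the bind user (-u) and chroots (-t) at startup.
- name: Modify OPTIONS in /etc/default/bind9
  replace:
    dest: /etc/default/bind9
    regexp: '^OPTIONS.*'
    replace: 'OPTIONS="-u bind -t {{ bind_chroot_root }}"'

# state: touch reports "changed" on every run, so the blockinfile task below
# is evaluated every time; blockinfile itself only rewrites on a difference.
- name: Create systemd service
  file:
    path: "{{ bind_systemd_service_path }}"
    owner: root
    group: root
    mode: "0644"
    state: touch
  register: create_bind_systemd

- name: "Fill out systemd service"
  blockinfile:
    dest: "{{ bind_systemd_service_path }}"
    block: |
      [Unit]
      Description=BIND Domain Name Server
      Documentation=man:named(8)
      After=network.target
      [Service]
      EnvironmentFile=-/etc/default/bind9
      ExecStart=/usr/sbin/named -f $OPTIONS
      ExecReload=/usr/sbin/rndc reload
      ExecStop=/usr/sbin/rndc stop
      [Install]
      WantedBy=multi-user.target
  # .changed is read directly; the "| changed" filter form is not accepted by
  # newer Ansible releases.
  when: create_bind_systemd.changed

- name: Create directories
  file:
    path: "{{ bind_chroot_root }}/{{ item }}"
    state: directory
    owner: bind
    group: bind
    mode: "0700"
    recurse: true
  with_items:
    - bin
    - dev
    - etc
    - lib
    - usr/lib
    - usr/sbin
    - var/cache/bind
    - var/log
    - var/run/bind/run
  register: create_bind_dir

- name: Stat /etc/bind
  stat:
    path: "/etc/bind"
  register: bind_stat

# Only move a real directory; once /etc/bind is a symlink the move has
# already happened.
- name: Move /etc/bind in chroot
  command: "mv /etc/bind/ {{ bind_chroot_root }}/etc/"
  when: bind_stat.stat.exists and not bind_stat.stat.islnk

- name: Create symlink
  file:
    src: "{{ bind_chroot_root }}/etc/bind"
    dest: "/etc/bind"
    state: link

- name: Create log file
  file:
    path: "{{ bind_chroot_root }}/var/log/bind.log"
    state: touch
    mode: "0640"
    owner: bind
    group: bind

- name: Create log symlink
  file:
    src: "{{ bind_chroot_root }}/var/log/bind.log"
    dest: "/var/log/bind.log"
    state: link

- name: Create run directory
  file:
    path: "/var/run/bind/run"
    state: directory
    owner: root
    group: bind
    mode: "0770"
    recurse: true

- name: "Stat var/run/bind/run/named in chroot"
  stat:
    path: "{{ bind_chroot_root }}/var/run/bind/run/named"
  register: named_run

# stat returns no isdir/isreg/islnk keys for a missing path, so the
# conditions below default them to false instead of failing on an
# undefined attribute.
- name: "Clean var/run/bind/run/named in chroot"
  file:
    state: absent
    path: "{{ bind_chroot_root }}/var/run/bind/run/named"
  when: named_run.stat.isdir | default(false)

- name: Clean /var/run/bind/run/named.pid
  file:
    state: absent
    path: "/var/run/bind/run/named.pid"
  when: named_run.stat.isdir | default(false)

- name: Stat /var/run/bind/run/named.pid
  stat:
    path: "/var/run/bind/run/named.pid"
  register: named_pid

# The command module does not run a shell, so the previous
# "cat ... > ..." redirection was passed to cat as arguments. A remote copy
# does what was intended.
- name: Cat pid content
  copy:
    src: /var/run/bind/run/named.pid
    dest: "{{ bind_chroot_root }}/var/run/bind/run/named.pid"
    remote_src: true
  when: >-
    named_pid.stat.exists
    and named_pid.stat.isreg
    and not named_pid.stat.islnk

- name: Clean /var/run/bind/run/named.pid
  file:
    state: absent
    path: "/var/run/bind/run/named.pid"
  when: >-
    named_pid.stat.exists
    and named_pid.stat.isreg
    and not named_pid.stat.islnk

- name: Clean /var/run/bind/run/named.pid
  file:
    state: absent
    path: "/var/run/bind/run/named.pid"
  when: not (named_pid.stat.islnk | default(false))

- name: Create pid symlink in chroot
  file:
    src: "{{ bind_chroot_root }}/var/run/bind/run/named.pid"
    dest: "/var/run/bind/run/named.pid"
    state: link
  when: not (named_pid.stat.islnk | default(false))

- name: "Stat dev/random in chroot"
  stat:
    path: "{{ bind_chroot_root }}/dev/random"
  register: named_random

# On Linux /dev/random is character device 1,8; 1,3 is /dev/null, which
# would hand named an empty entropy source. -m sets the mode in the same
# call because the command module does not interpret ";".
# A node already created with the old numbers is left alone by the guard
# below and has to be removed once by hand.
- name: mknod dev/random in chroot
  command: mknod -m 666 {{ bind_chroot_root }}/dev/random c 1 8
  when: not named_random.stat.exists

# Needs a shell (loop, pipes, command substitution). set -e makes a failed
# install fail the task; otherwise only the last iteration's status counts.
# The libgost path is specific to x86_64 and OpenSSL 1.0.0; the task fails
# on hosts where that file does not exist.
- name: Copy essential libs
  shell: |
    set -e
    for i in `ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1` /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so; do
      install -D "$i" "{{ bind_chroot_root }}/${i##/}"
    done
  when: create_bind_dir.changed

# dest must be quoted: a value starting with "{{" is parsed by YAML as a
# flow mapping.
- name: Copy bind
  copy:
    src: /usr/sbin/named
    dest: "{{ bind_chroot_root }}/usr/sbin/"
    remote_src: true

# NOTE(review): this leaves the whole chroot, including the copied named
# binary, libraries and etc/bind, owned by the account named runs as
# (-u bind). The chroot confines a compromised daemon better when those
# stay root-owned and only the cache, log and run directories belong to
# bind; narrowing this also needs the 0700 directory modes above revisited.
- name: Set the good rights
  file:
    path: "{{ bind_chroot_root }}/"
    state: directory
    owner: bind
    group: bind
    recurse: true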