Adapted the bind role to respect the evocheck warnings
The required munin plugins and the logging necessary for them to work are now activated depending on the type of resolver, and the logrotate file is changed from bind to bind9.
parent
569ad4d38a
commit
c6804e73e7
|
@ -26,6 +26,9 @@ The **patch** part changes incrementally at each release.
|
|||
* redis: rewrite of the role (separate instances, better systemd units…)
|
||||
* webapps/evoadmin-web Overload templates if needed
|
||||
* webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
|
||||
* bind: enable query logging for recursive resolvers
|
||||
* bind: enable logrotate for recursive resolvers
|
||||
* bind: enable bind9 munin plugin for recursive resolvers
|
||||
|
||||
### Changed
|
||||
* elasticsearch: listen on local interface only by default
|
||||
|
@ -41,6 +44,8 @@ The **patch** part changes incrementally at each release.
|
|||
* lxc: remove useless loop in apt execution
|
||||
* lxc: update our default template to be compatible with Debian 10
|
||||
* lxc: rely on lxc_container module instead of command module
|
||||
* bind: the munin task was present, but not included
|
||||
* bind: change name of logrotate file to bind9
|
||||
|
||||
### Fixed
|
||||
* lxc-php: Don't remove the default pool
|
||||
|
@ -49,6 +54,7 @@ The **patch** part changes incrementally at each release.
|
|||
* tomcat: fix typo for default tomcat_version
|
||||
* evoadmin-web: Put the php config at the right place for Buster
|
||||
|
||||
|
||||
### Security
|
||||
|
||||
## [9.10.1] - 2019-06-21
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
group: adm
|
||||
mode: "0640"
|
||||
state: touch
|
||||
when: bind_authoritative_server and bind_chroot_set == False
|
||||
when: bind_chroot_set == False
|
||||
|
||||
- name: send chroot-bind.sh in /root
|
||||
copy:
|
||||
|
@ -98,7 +98,7 @@
|
|||
- name: logrotate for non chroot bind
|
||||
template:
|
||||
src: logrotate_bind
|
||||
dest: /etc/logrotate.d/bind
|
||||
dest: /etc/logrotate.d/bind9
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
@ -109,10 +109,12 @@
|
|||
- name: logrotate for chroot bind
|
||||
template:
|
||||
src: logrotate_bind_chroot.j2
|
||||
dest: /etc/logrotate.d/bind
|
||||
dest: /etc/logrotate.d/bind9
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_chroot_set
|
||||
|
||||
- include: munin.yml
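Review bot: Both logrotate tasks now write `/etc/logrotate.d/bind9`, but nothing in the visible hunks removes the `/etc/logrotate.d/bind` file that earlier runs of this role deployed. On an already-provisioned host both files would then name the same logs; logrotate treats duplicate log entries as an error, so rotation of the BIND logs can become unreliable. If that file is managed only by this role, I would add a cleanup task next to the two template tasks, for example `file: path=/etc/logrotate.d/bind state=absent`. The task list continues outside these hunks, so such a task may already exist elsewhere.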
|
||||
|
|
|
@ -8,9 +8,8 @@
|
|||
tags:
|
||||
- bind
|
||||
- munin
|
||||
when: bind_authoritative_server
|
||||
|
||||
- name: Enable munin plugins
|
||||
- name: Enable munin plugins for authoritative server
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
|
@ -19,7 +18,25 @@
|
|||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||
when:
|
||||
- bind_authoritative_server
|
||||
- munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
|
||||
|
||||
- name: Enable munin plugins for recursive server
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
when:
|
||||
- bind_recursive_server
|
||||
- munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
|
||||
|
@ -33,7 +50,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart munin-node
|
||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||
when: munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
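Review bot: The new "Enable munin plugins for recursive server" task links `bind9_rndc` as well as `bind9`, while the plugin configuration template changed in this commit emits `env.querystats` only inside `{% if bind_authoritative_server %}`. On a recursive-only resolver the rndc plugin would therefore run without a configured statistics file and fall back to its built-in default, which probably gives empty graphs or plugin errors. Either drop `bind9_rndc` from the recursive `with_items` list or set `env.querystats` for both resolver types. Apart from the condition the two plugin tasks are identical, so a single task with `- (bind_authoritative_server or bind_recursive_server)` in its `when` list would avoid the duplication.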
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
[bind*]
|
||||
user root
|
||||
env.logfile {{ bind_query_file }}
|
||||
{% if bind_authoritative_server %}
|
||||
env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
|
||||
{% endif %}
|
||||
env.MUNIN_PLUGSTATE /var/lib/munin
|
||||
timeout 120
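Review bot: `user root` in the `[bind*]` section now also reaches recursive resolvers, where the `bind9` plugin parses a query log whose content is influenced by every client allowed to query the server. A log-file task in this commit uses group `adm` and mode `0640`; if that covers the query log, `group adm` with an unprivileged user should be enough for the log-parsing plugin. Elevated rights could then stay in a separate `[bind9_rndc]` section for the plugin that calls rndc. Whether rndc needs root at all depends on the key file permissions, which the page does not show.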
|
||||
|
|
|
@ -8,9 +8,17 @@ options {
|
|||
};
|
||||
|
||||
logging {
|
||||
category default { default_file; };
|
||||
channel default_file {
|
||||
file "/var/log/bind.log";
|
||||
severity info;
|
||||
};
|
||||
category default { default_file; };
|
||||
category queries { query_logging; };
|
||||
|
||||
channel default_file {
|
||||
file "/var/log/bind.log";
|
||||
severity info;
|
||||
};
|
||||
channel query_logging {
|
||||
file "/var/log/bind_queries.log" versions 2 size 128M;
|
||||
print-category yes;
|
||||
print-severity yes;
|
||||
print-time yes;
|
||||
};
|
||||
};
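Review bot: The `query_logging` channel hard-codes `/var/log/bind_queries.log`, while the munin plugin configuration reads `env.logfile {{ bind_query_file }}`; if this file is rendered as a template, the channel should use `file "{{ bind_query_file }}";` so the resolver and the plugin cannot silently diverge. The channel also asks named to rotate the file itself (`versions 2 size 128M`) although the commit enables logrotate for the same resolver type, and two rotation mechanisms on one file tend to conflict. I would keep only one, most simply by dropping `versions 2 size 128M` and letting logrotate bound the size and retention. Query logs record client addresses and queried names, so the retention period and file permissions deserve a deliberate choice and a short comment above the channel.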
|
||||
|
|