Merge branch 'bind9_evocheck_fix' into unstable
commit
d5731f90e0
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -42,6 +42,9 @@ The **patch** part changes incrementally at each release.
|
||||||
* webapps/evoadmin-web Overload templates if needed
|
* webapps/evoadmin-web Overload templates if needed
|
||||||
* evolinux-base: install ssacli for HP Smart Array
|
* evolinux-base: install ssacli for HP Smart Array
|
||||||
* evobackup-client role to configure a machine for backups with bkctld(8)
|
* evobackup-client role to configure a machine for backups with bkctld(8)
|
||||||
|
* bind: enable query logging for recursive resolvers
|
||||||
|
* bind: enable logrotate for recursive resolvers
|
||||||
|
* bind: enable bind9 munin plugin for recursive resolvers
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
* replace version_compare() with version()s
|
* replace version_compare() with version()s
|
||||||
|
@ -80,6 +83,14 @@ The **patch** part changes incrementally at each release.
|
||||||
* squid: compatibility wit Debian 10
|
* squid: compatibility wit Debian 10
|
||||||
* tomcat: package version derived from Debian version if missing
|
* tomcat: package version derived from Debian version if missing
|
||||||
* varnish: remove custom ExecReload= script for Debian 10+
|
* varnish: remove custom ExecReload= script for Debian 10+
|
||||||
|
<<<<<<< HEAD
|
||||||
|
=======
|
||||||
|
* lxc: remove useless loop in apt execution
|
||||||
|
* lxc: update our default template to be compatible with Debian 10
|
||||||
|
* lxc: rely on lxc_container module instead of command module
|
||||||
|
* bind: the munin task was present, but not included
|
||||||
|
* bind: change name of logrotate file to bind9
|
||||||
|
>>>>>>> bind9_evocheck_fix
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
* etc-git: fix warnings ansible-lint
|
* etc-git: fix warnings ansible-lint
|
||||||
|
@ -100,6 +111,7 @@ The **patch** part changes incrementally at each release.
|
||||||
### Removed
|
### Removed
|
||||||
* clamav : do not install the zoo package anymore
|
* clamav : do not install the zoo package anymore
|
||||||
|
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
## [9.10.1] - 2019-06-21
|
## [9.10.1] - 2019-06-21
|
||||||
|
|
|
@ -2,8 +2,10 @@
|
||||||
bind_recursive_server: False
|
bind_recursive_server: False
|
||||||
bind_authoritative_server: True
|
bind_authoritative_server: True
|
||||||
bind_chroot_set: True
|
bind_chroot_set: True
|
||||||
bind_chroot_path: /var/chroot-bind
|
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
||||||
|
#bind_chroot_path: /var/chroot-bind
|
||||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: /var/run/named.stats
|
||||||
bind_log_file: /var/log/bind.log
|
bind_log_file: /var/log/bind.log
|
||||||
bind_query_file: /var/log/bind_queries.log
|
bind_query_file: /var/log/bind_queries.log
|
||||||
|
bind_cache_dir: /var/cache/bind
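Review bot: The four path variables kept in these defaults (`bind_log_file`, `bind_query_file`, `bind_statistics_file`, `bind_cache_dir`) still read as overridable, but the `set chroot variables` task added in this commit resets all of them with `set_fact` whenever `bind_chroot_set` is true, which is the default here. `set_fact` takes precedence over inventory and group variables, so an override of any of them is silently discarded in chroot mode. The comment above the commented-out `bind_chroot_path` should say so, e.g. `# With bind_chroot_set, the role forces bind_chroot_path and the four path variables below via set_fact; overrides only apply when bind_chroot_set is false.`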
|
||||||
|
|
|
@ -1,3 +1,13 @@
|
||||||
|
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
||||||
|
- name: set chroot variables
|
||||||
|
set_fact:
|
||||||
|
bind_log_file: /var/log/bind.log
|
||||||
|
bind_query_file: /var/log/bind_queries.log
|
||||||
|
bind_cache_dir: /var/cache/bind
|
||||||
|
bind_statistics_file: /var/run/named.stats
|
||||||
|
bind_chroot_path: /var/chroot-bind
|
||||||
|
when: bind_chroot_set
|
||||||
|
|
||||||
- name: package are installed
|
- name: package are installed
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
|
@ -48,23 +58,23 @@
|
||||||
- restart bind
|
- restart bind
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- name: touch /var/log/bind.log if non chroot
|
- name: "touch {{ bind_log_file }} if non chroot"
|
||||||
file:
|
file:
|
||||||
path: /var/log/bind.log
|
path: "{{ bind_log_file }}"
|
||||||
owner: bind
|
owner: bind
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: bind_chroot_set == False
|
when: not bind_chroot_set
|
||||||
|
|
||||||
- name: touch /var/log/bind_queries.log if non chroot
|
- name: "touch {{ bind_query_file }} if non chroot"
|
||||||
file:
|
file:
|
||||||
path: /var/log/bind_queries.log
|
path: "{{ bind_query_file }}"
|
||||||
owner: bind
|
owner: bind
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: bind_authoritative_server and bind_chroot_set == False
|
when: not bind_chroot_set
|
||||||
|
|
||||||
- name: send chroot-bind.sh in /root
|
- name: send chroot-bind.sh in /root
|
||||||
copy:
|
copy:
|
||||||
|
@ -94,24 +104,14 @@
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set
|
||||||
|
|
||||||
- name: logrotate for non chroot bind
|
- name: logrotate for bind
|
||||||
template:
|
template:
|
||||||
src: logrotate_bind
|
src: logrotate_bind.j2
|
||||||
dest: /etc/logrotate.d/bind
|
dest: /etc/logrotate.d/bind9
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_chroot_set == False
|
|
||||||
|
|
||||||
- name: logrotate for chroot bind
|
- include: munin.yml
|
||||||
template:
|
|
||||||
src: logrotate_bind_chroot.j2
|
|
||||||
dest: /etc/logrotate.d/bind
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
force: yes
|
|
||||||
notify: restart bind
|
|
||||||
when: bind_chroot_set
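Review bot: Renaming the logrotate destination from `/etc/logrotate.d/bind` to `/etc/logrotate.d/bind9` leaves the old file behind on hosts where the role has already run; no task visible in this section removes it. Both files would then declare the same log path, and logrotate reports a duplicate log entry and ignores one of the two definitions, so which rotation rules actually apply to the BIND log depends on read order. A cleanup task placed before the `logrotate for bind` template task would settle this. Separately, `notify: restart bind` on this task restarts the name server for a file that only logrotate reads.

```yaml
- name: old logrotate file for bind is absent
  file:
    path: /etc/logrotate.d/bind
    state: absent

# … unchanged: "logrotate for bind" template task writing /etc/logrotate.d/bind9 …
```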
|
|
||||||
|
|
|
@ -8,9 +8,8 @@
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
when: bind_authoritative_server
|
|
||||||
|
|
||||||
- name: Enable munin plugins
|
- name: Enable munin plugins for authoritative server
|
||||||
file:
|
file:
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
|
@ -19,7 +18,25 @@
|
||||||
- bind9
|
- bind9
|
||||||
- bind9_rndc
|
- bind9_rndc
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
when:
|
||||||
|
- bind_authoritative_server
|
||||||
|
- munin_node_plugins_config.stat.exists
|
||||||
|
tags:
|
||||||
|
- bind
|
||||||
|
- munin
|
||||||
|
|
||||||
|
- name: Enable munin plugins for recursive server
|
||||||
|
file:
|
||||||
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
|
state: link
|
||||||
|
with_items:
|
||||||
|
- bind9
|
||||||
|
- bind9_rndc
|
||||||
|
notify: restart munin-node
|
||||||
|
when:
|
||||||
|
- bind_recursive_server
|
||||||
|
- munin_node_plugins_config.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
@ -33,7 +50,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
when: munin_node_plugins_config.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
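Review bot: The new `Enable munin plugins for recursive server` task links `bind9_rndc`, but the plugin configuration template changed in this same commit writes `env.querystats` only inside `{% if bind_authoritative_server %}`. On a recursive-only host the plugin would, as far as I can tell, fall back to its built-in statistics path, which need not match the chroot location the role sets, so the graph would presumably stay empty with no error in the play. Either drop `bind9_rndc` from the recursive `with_items` list or emit `env.querystats` regardless of server type. Apart from the first `when` entry the two link tasks are identical.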
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
/var/log/bind.log {
|
{% if bind_chroot_set %}
|
||||||
|
{{ bind_chroot_path }}{{bind_log_file}} {
|
||||||
|
{% else %}
|
||||||
|
{{bind_log_file}} {
|
||||||
|
{% endif %}
|
||||||
weekly
|
weekly
|
||||||
missingok
|
missingok
|
||||||
rotate 52
|
rotate 52
|
|
@ -1,10 +0,0 @@
|
||||||
{{ bind_chroot_path }}/var/log/bind.log {
|
|
||||||
weekly
|
|
||||||
missingok
|
|
||||||
rotate 52
|
|
||||||
create 640 bind bind
|
|
||||||
sharedscripts
|
|
||||||
postrotate
|
|
||||||
rndc reload > /dev/null
|
|
||||||
endscript
|
|
||||||
}
|
|
|
@ -1,6 +1,9 @@
|
||||||
[bind*]
|
[bind*]
|
||||||
user root
|
user root
|
||||||
env.logfile {{ bind_query_file }}
|
|
||||||
env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
|
env.logfile {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_query_file }}
|
||||||
|
{% if bind_authoritative_server %}
|
||||||
|
env.querystats {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_statistics_file }}
|
||||||
|
{% endif %}
|
||||||
env.MUNIN_PLUGSTATE /var/lib/munin
|
env.MUNIN_PLUGSTATE /var/lib/munin
|
||||||
timeout 120
|
timeout 120
|
||||||
|
|
|
@ -4,11 +4,11 @@ acl "foo" {
|
||||||
};
|
};
|
||||||
|
|
||||||
options {
|
options {
|
||||||
directory "/var/cache/bind";
|
directory "{{ bind_cache_dir }}";
|
||||||
version "Bingo";
|
version "Bingo";
|
||||||
auth-nxdomain no;
|
auth-nxdomain no;
|
||||||
masterfile-format text;
|
masterfile-format text;
|
||||||
statistics-file "/var/run/named.stats";
|
statistics-file "{{ bind_statistics_file }}";
|
||||||
|
|
||||||
listen-on-v6 { any; };
|
listen-on-v6 { any; };
|
||||||
listen-on { any; };
|
listen-on { any; };
|
||||||
|
@ -23,11 +23,11 @@ logging {
|
||||||
category queries { query_logging; };
|
category queries { query_logging; };
|
||||||
|
|
||||||
channel default_file {
|
channel default_file {
|
||||||
file "/var/log/bind.log";
|
file "{{ bind_log_file }}";
|
||||||
severity info;
|
severity info;
|
||||||
};
|
};
|
||||||
channel query_logging {
|
channel query_logging {
|
||||||
file "/var/log/bind_queries.log" versions 2 size 128M;
|
file "{{ bind_query_file }}" versions 2 size 128M;
|
||||||
print-category yes;
|
print-category yes;
|
||||||
print-severity yes;
|
print-severity yes;
|
||||||
print-time yes;
|
print-time yes;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
options {
|
options {
|
||||||
directory "/var/cache/bind";
|
directory "{{ bind_cache_dir }}";
|
||||||
version "Bingo";
|
version "Bingo";
|
||||||
auth-nxdomain no;
|
auth-nxdomain no;
|
||||||
listen-on-v6 { ::1; };
|
listen-on-v6 { ::1; };
|
||||||
|
@ -8,9 +8,17 @@ options {
|
||||||
};
|
};
|
||||||
|
|
||||||
logging {
|
logging {
|
||||||
category default { default_file; };
|
category default { default_file; };
|
||||||
channel default_file {
|
category queries { query_logging; };
|
||||||
file "/var/log/bind.log";
|
|
||||||
severity info;
|
channel default_file {
|
||||||
};
|
file "{{ bind_log_file }}";
|
||||||
|
severity info;
|
||||||
|
};
|
||||||
|
channel query_logging {
|
||||||
|
file "{{ bind_query_file }}" versions 2 size 128M;
|
||||||
|
print-category yes;
|
||||||
|
print-severity yes;
|
||||||
|
print-time yes;
|
||||||
|
};
|
||||||
};
|
};
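Review bot: Query logging is switched on for every recursive resolver with no variable to turn it off: `category queries { query_logging; };` is added unconditionally to the `logging` block. On a recursive resolver this records each client address together with every name it looks up, which is a privacy-sensitive data set and adds a write per query on busy hosts. Consider wrapping the `category queries` line and the `query_logging` channel in a role boolean (for example `bind_query_logging`, a suggested name, not an existing variable) and documenting the retention implied by `versions 2 size 128M`.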
|
||||||
|
|