Merge branch 'bind9_evocheck_fix' into unstable

CHANGELOG.md

@@ -42,6 +42,9 @@ The **patch** part changes incrementally at each release.
 * webapps/evoadmin-web Overload templates if needed
 * evolinux-base: install ssacli for HP Smart Array
 * evobackup-client role to configure a machine for backups with bkctld(8)
+* bind: enable query logging for recursive resolvers
+* bind: enable logrotate for recursive resolvers
+* bind: enable bind9 munin plugin for recursive resolvers
 
 ### Changed
 * replace version_compare() with version()s
@@ -80,6 +83,14 @@ The **patch** part changes incrementally at each release.
 * squid: compatibility wit Debian 10
 * tomcat: package version derived from Debian version if missing
 * varnish: remove custom ExecReload= script for Debian 10+
+<<<<<<< HEAD
+=======
+* lxc: remove useless loop in apt execution
+* lxc: update our default template to be compatible with Debian 10
+* lxc: rely on lxc_container module instead of command module
+* bind: the munin task was present, but not included
+* bind: change name of logrotate file to bind9
+>>>>>>> bind9_evocheck_fix
 
 ### Fixed
 * etc-git: fix warnings ansible-lint
@@ -100,6 +111,7 @@ The **patch** part changes incrementally at each release.
 ### Removed
 * clamav : do not install the zoo package anymore
 
+
 ### Security
 
 ## [9.10.1] - 2019-06-21

bind/defaults/main.yml

@@ -2,8 +2,10 @@
 bind_recursive_server: False
 bind_authoritative_server: True
 bind_chroot_set: True
-bind_chroot_path: /var/chroot-bind
+# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
+#bind_chroot_path: /var/chroot-bind
 bind_systemd_service_path: /etc/systemd/system/bind9.service
 bind_statistics_file: /var/run/named.stats
 bind_log_file: /var/log/bind.log
 bind_query_file: /var/log/bind_queries.log
+bind_cache_dir: /var/cache/bind

bind/tasks/main.yml

@@ -1,3 +1,13 @@
+# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
+- name: set chroot variables
+  set_fact:
+     bind_log_file: /var/log/bind.log
+     bind_query_file: /var/log/bind_queries.log
+     bind_cache_dir: /var/cache/bind
+     bind_statistics_file: /var/run/named.stats
+     bind_chroot_path: /var/chroot-bind
+  when: bind_chroot_set
+
 - name: package are installed
   apt:
     name:
@@ -48,23 +58,23 @@
   - restart bind
   when: ansible_distribution_release == "jessie"
 
-- name: touch /var/log/bind.log if non chroot
+- name: "touch {{ bind_log_file }} if non chroot"
   file:
-    path: /var/log/bind.log
+    path: "{{ bind_log_file }}"
     owner: bind
     group: adm
     mode: "0640"
     state: touch
-  when: bind_chroot_set == False
+  when: not bind_chroot_set
 
-- name: touch /var/log/bind_queries.log if non chroot
+- name: "touch {{ bind_query_file }} if non chroot"
   file:
-    path: /var/log/bind_queries.log
+    path: "{{ bind_query_file }}"
     owner: bind
     group: adm
     mode: "0640"
     state: touch
-  when: bind_authoritative_server and bind_chroot_set == False
+  when: not bind_chroot_set
 
 - name: send chroot-bind.sh in /root
   copy:
@@ -94,24 +104,14 @@
   notify: restart bind
   when: bind_chroot_set
 
-- name: logrotate for non chroot bind
+- name: logrotate for bind
   template:
-    src: logrotate_bind
+    src: logrotate_bind.j2
-    dest: /etc/logrotate.d/bind
+    dest: /etc/logrotate.d/bind9
     owner: root
     group: root
     mode: "0644"
     force: yes
   notify: restart bind
-  when: bind_chroot_set == False
 
-- name: logrotate for chroot bind
+- include: munin.yml
-  template:
-    src: logrotate_bind_chroot.j2
-    dest: /etc/logrotate.d/bind
-    owner: root
-    group: root
-    mode: "0644"
-    force: yes
-  notify: restart bind
-  when: bind_chroot_set

bind/tasks/munin.yml

@@ -8,9 +8,8 @@
   tags:
     - bind
     - munin
-  when: bind_authoritative_server
 
-- name: Enable munin plugins
+- name: Enable munin plugins for authoritative server
   file:
     src: "/usr/share/munin/plugins/{{ item }}"
     dest: "/etc/munin/plugins/{{ item }}"
@@ -19,7 +18,25 @@
     - bind9
     - bind9_rndc
   notify: restart munin-node
-  when: bind_authoritative_server and munin_node_plugins_config.stat.exists
+  when:
+    - bind_authoritative_server
+    - munin_node_plugins_config.stat.exists
+  tags:
+    - bind
+    - munin
+
+- name: Enable munin plugins for recursive server
+  file:
+    src: "/usr/share/munin/plugins/{{ item }}"
+    dest: "/etc/munin/plugins/{{ item }}"
+    state: link
+  with_items:
+    - bind9
+    - bind9_rndc
+  notify: restart munin-node
+  when:
+    - bind_recursive_server
+    - munin_node_plugins_config.stat.exists
   tags:
     - bind
     - munin
@@ -33,7 +50,7 @@
     mode: "0644"
     force: yes
   notify: restart munin-node
-  when: bind_authoritative_server and munin_node_plugins_config.stat.exists
+  when: munin_node_plugins_config.stat.exists
   tags:
     - bind
     - munin

bind/templates/logrotate_bind.j2

@@ -1,4 +1,8 @@
-/var/log/bind.log {
+{% if bind_chroot_set %}
+{{ bind_chroot_path }}{{bind_log_file}} {
+{% else %}
+{{bind_log_file}} {
+{% endif %}
     weekly
     missingok
     rotate 52

bind/templates/logrotate_bind_chroot.j2

@@ -1,10 +0,0 @@
-{{ bind_chroot_path }}/var/log/bind.log {
-    weekly
-    missingok
-    rotate 52
-    create 640 bind bind
-    sharedscripts
-    postrotate
-        rndc reload > /dev/null
-    endscript
-}

bind/templates/munin-env_bind9.j2

@@ -1,6 +1,9 @@
 [bind*]
 user root
-env.logfile {{ bind_query_file }}
+
-env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
+env.logfile {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_query_file }}
+{% if bind_authoritative_server %}
+env.querystats {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_statistics_file }}
+{% endif %}
 env.MUNIN_PLUGSTATE /var/lib/munin
 timeout 120

bind/templates/named.conf.options_authoritative.j2

@@ -4,11 +4,11 @@ acl "foo" {
 };
 
 options {
-      directory "/var/cache/bind";
+      directory "{{ bind_cache_dir }}";
       version "Bingo";
       auth-nxdomain no;
       masterfile-format text;
-      statistics-file "/var/run/named.stats";
+      statistics-file "{{ bind_statistics_file }}";
 
       listen-on-v6 { any; };
       listen-on { any; };
@@ -23,11 +23,11 @@ logging {
     category queries { query_logging; };
 
     channel default_file {
-        file "/var/log/bind.log";
+        file "{{ bind_log_file }}";
         severity info;
     };
     channel query_logging {
-        file "/var/log/bind_queries.log" versions 2 size 128M;
+        file "{{ bind_query_file }}" versions 2 size 128M;
         print-category yes;
         print-severity yes;
         print-time yes;

bind/templates/named.conf.options_recursive.j2

@@ -1,5 +1,5 @@
 options {
-    directory "/var/cache/bind";
+    directory "{{ bind_cache_dir }}";
     version "Bingo";
     auth-nxdomain no;
     listen-on-v6 { ::1; };
@@ -8,9 +8,17 @@ options {
 };
 
 logging {
-        category default { default_file; };
+    category default { default_file; };
-        channel default_file {
+    category queries { query_logging; };
-                file "/var/log/bind.log";
+
-                severity info;
+    channel default_file {
-        };
+        file "{{ bind_log_file }}";
+        severity info;
+    };
+    channel query_logging {
+        file "{{ bind_query_file }}" versions 2 size 128M;
+        print-category yes;
+        print-severity yes;
+        print-time yes;
+    };
 };