c6804e73e7
The required munin plugins and the logging necessary for them to work is now activated depending on the type of resolver and the logrotate file is changed from bind to bind9.
121 lines
2.6 KiB
YAML
121 lines
2.6 KiB
YAML
- name: package are installed
|
|
apt:
|
|
name: '{{ item }}'
|
|
state: present
|
|
with_items:
|
|
- bind9
|
|
- dnstop
|
|
|
|
- name: Set bind configuration for recursive server
|
|
template:
|
|
src: named.conf.options_recursive.j2
|
|
dest: /etc/bind/named.conf.options
|
|
owner: bind
|
|
group: bind
|
|
mode: "0644"
|
|
force: yes
|
|
notify: restart bind
|
|
when: bind_recursive_server
|
|
|
|
- name: enable zones.rfc1918 for recursive server
|
|
lineinfile:
|
|
dest: /etc/bind/named.conf.local
|
|
line: 'include "/etc/bind/zones.rfc1918";'
|
|
regexp: "zones.rfc1918"
|
|
notify: restart bind
|
|
when: bind_recursive_server
|
|
|
|
- name: Set bind configuration for authoritative server
|
|
template:
|
|
src: named.conf.options_authoritative.j2
|
|
dest: /etc/bind/named.conf.options
|
|
owner: bind
|
|
group: bind
|
|
mode: "0644"
|
|
force: yes
|
|
notify: restart bind
|
|
when: bind_authoritative_server
|
|
|
|
- name: Create systemd service
|
|
template:
|
|
src: bind9.service.j2
|
|
dest: "{{ bind_systemd_service_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
notify:
|
|
- reload systemd
|
|
- restart bind
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: touch /var/log/bind.log if non chroot
|
|
file:
|
|
path: /var/log/bind.log
|
|
owner: bind
|
|
group: adm
|
|
mode: "0640"
|
|
state: touch
|
|
when: bind_chroot_set == False
|
|
|
|
- name: touch /var/log/bind_queries.log if non chroot
|
|
file:
|
|
path: /var/log/bind_queries.log
|
|
owner: bind
|
|
group: adm
|
|
mode: "0640"
|
|
state: touch
|
|
when: bind_chroot_set == False
|
|
|
|
- name: send chroot-bind.sh in /root
|
|
copy:
|
|
src: chroot-bind.sh
|
|
dest: /root/chroot-bind.sh
|
|
mode: "0700"
|
|
owner: root
|
|
force: yes
|
|
backup: yes
|
|
when: bind_chroot_set
|
|
|
|
- name: exec chroot-bind.sh
|
|
command: "/root/chroot-bind.sh"
|
|
register: chrootbind_run
|
|
changed_when: False
|
|
when: bind_chroot_set
|
|
|
|
- debug:
|
|
var: chrootbind_run.stdout_lines
|
|
when: bind_chroot_set and chrootbind_run.stdout != ""
|
|
|
|
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
|
replace:
|
|
dest: /etc/default/bind9
|
|
regexp: '^OPTIONS=.*'
|
|
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
|
notify: restart bind
|
|
when: bind_chroot_set
|
|
|
|
- name: logrotate for non chroot bind
|
|
template:
|
|
src: logrotate_bind
|
|
dest: /etc/logrotate.d/bind9
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
notify: restart bind
|
|
when: bind_chroot_set == False
|
|
|
|
- name: logrotate for chroot bind
|
|
template:
|
|
src: logrotate_bind_chroot.j2
|
|
dest: /etc/logrotate.d/bind9
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
notify: restart bind
|
|
when: bind_chroot_set
|
|
|
|
- include: munin.yml
|