# Install the BIND 9 package from the distribution repositories.
- name: Ensure bind9 installed
  apt:
    state: present
    name: bind9
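# Render named.conf.options into /etc/bind. Later tasks move that directory
# into the chroot and leave a symlink at /etc/bind, so this path keeps
# working on subsequent runs. backup keeps a timestamped copy of any
# previous file on the host.
- name: Set bind configuration
  template:
    src: named.conf.options.j2
    dest: /etc/bind/named.conf.options
    owner: root
    group: root
    mode: "0644"
    force: true
    backup: true
  notify: restart bind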
# Point the init-time OPTIONS line at the chroot: named drops privileges
# to the bind user (-u) and chroots into bind_chroot_root (-t).
- name: Modify OPTIONS in /etc/default/bind9
  replace:
    dest: /etc/default/bind9
    replace: 'OPTIONS="-u bind -t {{ bind_chroot_root }}"'
    regexp: '^OPTIONS=.*'
  notify: restart bind
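# Install the systemd unit for the chrooted named from the role template.
# NOTE(review): the "restart bind" handler is defined elsewhere; a changed
# unit file needs a daemon-reload before the restart takes effect - confirm
# the handler does that.
- name: Create systemd service
  template:
    src: bind9.service.j2
    dest: "{{ bind_systemd_service_path }}"
    owner: root
    group: root
    mode: "0644"
    force: true
    backup: true
  notify: restart bind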
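# Lay out the chroot skeleton. Each directory is created bind:bind 0700;
# recurse is off, so existing children keep their own ownership and mode.
# NOTE(review): bin/, lib/, usr/lib/ and usr/sbin/ owned by the daemon user
# let a compromised named rewrite its own binary and libraries; root
# ownership with bind limited to var/cache/bind, var/log and var/run would
# be tighter - confirm nothing in the service template relies on this.
- name: Create directories
  file:
    path: "{{ bind_chroot_root }}/{{ item }}"
    state: directory
    owner: bind
    group: bind
    mode: "0700"
    recurse: false
  with_items:
    - bin
    - dev
    - etc
    - lib
    - usr/lib
    - usr/sbin
    - var/cache/bind
    - var/log
    - var/run/bind/run
  register: create_bind_dir
  notify: restart bind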
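# Record whether /etc/bind is still a real directory (not yet the symlink
# into the chroot). check_mode is off so the fact is gathered in a dry run
# too and the guards that use it are always defined.
- name: Stat /etc/bind
  stat:
    path: "/etc/bind"
  check_mode: false
  register: etc_bind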
# One-shot relocation of the configuration directory into the chroot;
# skipped once /etc/bind has become the symlink created next.
- name: Move /etc/bind in chroot
  command: >-
    mv /etc/bind/ {{ bind_chroot_root }}/etc/
  when: etc_bind.stat.exists and not etc_bind.stat.islnk
  notify: restart bind
# Replace the moved /etc/bind with a symlink to its new home in the chroot.
- name: Create symlink
  file:
    state: link
    src: '{{ bind_chroot_root }}/etc/bind'
    dest: /etc/bind
  notify: restart bind
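# Check for the chroot log file. check_mode is off, like the other stat
# tasks in this file, so the guard that follows has a value in a dry run.
- name: is there a log file?
  stat:
    path: "{{ bind_chroot_root }}/var/log/bind.log"
  check_mode: false
  register: bind_log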
# Create an empty log file only when the stat above found none
# (state: touch reports a change on every run, hence the guard).
- name: create log file
  file:
    state: touch
    path: '{{ bind_chroot_root }}/var/log/bind.log'
  when: not bind_log.stat.exists
# Enforce ownership and mode on the log file; state: file does not create
# it and fails if it is missing.
- name: verify log file permissions
  file:
    state: file
    path: '{{ bind_chroot_root }}/var/log/bind.log'
    mode: '0640'
    owner: bind
    group: bind
# Expose the chroot log at the conventional system path.
- name: Create log symlink
  file:
    state: link
    src: '{{ bind_chroot_root }}/var/log/bind.log'
    dest: /var/log/bind.log
  notify: restart bind
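# Run directory outside the chroot, used by the pid symlink further down.
# recurse re-applies root:bind 0770 to anything already under it.
- name: Create run directory
  file:
    path: "/var/run/bind/run"
    state: directory
    owner: root
    group: bind
    mode: "0770"
    recurse: true
  notify: restart bind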
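# Detect a leftover "named" entry in the chroot run directory (its origin is
# not visible in this file). Runs in check mode too so the cleanup guards
# below are always defined.
- name: "Stat var/run/bind/run/named in chroot"
  stat:
    path: "{{ bind_chroot_root }}/var/run/bind/run/named"
  check_mode: false
  register: named_run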
# Remove that leftover entry, but only when it really is a directory.
- name: "Clean var/run/bind/run/named in chroot"
  file:
    state: absent
    path: '{{ bind_chroot_root }}/var/run/bind/run/named'
  when: named_run.stat.exists and named_run.stat.isdir
# In the same situation, drop the host-side pid file as well.
- name: Clean /var/run/bind/run/named.pid
  file:
    state: absent
    path: /var/run/bind/run/named.pid
  when: named_run.stat.exists and named_run.stat.isdir
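# Inspect the host-side pid file before it is migrated into the chroot.
# check_mode is off so the three guards that use named_pid are defined in
# a dry run as well.
- name: Stat /var/run/bind/run/named.pid
  stat:
    path: "/var/run/bind/run/named.pid"
  check_mode: false
  register: named_pid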
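# Carry the current pid file into the chroot before the host copy is removed
# and replaced by a symlink. copy with remote_src is used rather than a
# "cat ... > ..." command: the command module does not run a shell, so the
# ">" would be handed to cat as a file name and the task would fail.
- name: Cat pid content
  copy:
    src: /var/run/bind/run/named.pid
    dest: "{{ bind_chroot_root }}/var/run/bind/run/named.pid"
    remote_src: true
  when: named_pid.stat.exists and named_pid.stat.isreg and not named_pid.stat.islnk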
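# Remove the host-side pid file once its content lives in the chroot, so the
# symlink below can take its place. The guard deliberately covers any
# non-symlink entry, not only a regular file, so a single task is enough.
- name: Clean /var/run/bind/run/named.pid
  file:
    path: "/var/run/bind/run/named.pid"
    state: absent
  when: named_pid.stat.exists and not named_pid.stat.islnk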
# Make the host path a symlink to the pid file inside the chroot.
# NOTE(review): the guard only fires when a host pid file existed before
# this run, so a host on which named never started gets no symlink -
# confirm that is intended, or guard on the chroot copy instead.
- name: Create pid symlink in chroot
  file:
    state: link
    src: '{{ bind_chroot_root }}/var/run/bind/run/named.pid'
    dest: /var/run/bind/run/named.pid
  when: named_pid.stat.exists and not named_pid.stat.islnk
  notify: restart bind
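# Inspect dev/random inside the chroot; the two tasks below decide whether
# to move it aside and recreate it. Runs in check mode too.
- name: "Stat dev/random in chroot"
  stat:
    path: "{{ bind_chroot_root }}/dev/random"
  check_mode: false
  register: named_random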
# Move aside anything at dev/random that is not a character device, with an
# epoch-stamped suffix, so the mknod below can create the real node.
- name: clean dev/random in chroot
  shell: >-
    mv {{ bind_chroot_root }}/dev/random
    {{ bind_chroot_root }}/dev/random.$(date +%s)
  when: named_random.stat.exists and not named_random.stat.ischr
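# Create the entropy device inside the chroot. Character major 1 / minor 8
# is /dev/random; "c 1 3" would be /dev/null, leaving named with a device
# that yields no entropy at all. creates: makes this a one-shot, so a node
# that already exists with wrong numbers is not corrected here - the clean
# task above only moves non-character-device entries aside.
- name: mknod dev/random in chroot
  command: "mknod -m 666 {{ bind_chroot_root }}/dev/random c 1 8"
  args:
    creates: "{{ bind_chroot_root }}/dev/random"
  notify: restart bind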
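# Resolve the shared libraries named links against: ldd output minus the
# vDSO pseudo-entry, reduced to the path column. Read-only, so it runs in
# check mode and never reports a change.
- name: get essential libraries
  shell: 'ldd $(which named) | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1 | grep -oE "\S+"'
  register: bind_ldd
  check_mode: false
  changed_when: false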
# Copy each library to the same path under the chroot (install -D creates
# the parent directories). with_items flattens the stdout_lines list from
# the task above together with the explicitly listed OpenSSL GOST engine.
- name: copy essential libs
  command: 'install -D {{ item }} {{ bind_chroot_root }}{{ item }}'
  args:
    creates: '{{ bind_chroot_root }}{{ item }}'
  with_items:
    - '{{ bind_ldd.stdout_lines }}'
    - /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so
  register: install_libraries
  notify: restart bind
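# Copy the named binary from the host into the chroot's usr/sbin/.
# remote_src means the source path is read on the managed host, not the
# controller.
- name: Copy bind
  copy:
    src: /usr/sbin/named
    dest: "{{ bind_chroot_root }}/usr/sbin/"
    remote_src: true
  notify: restart bind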
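# Recursively hand the whole chroot tree to bind:bind. state is given
# explicitly because recurse is only meaningful on a directory.
# NOTE(review): this also makes the daemon user the owner of the named
# binary and the libraries copied above, so a compromised named could
# modify its own executable code. Keeping those root-owned and limiting
# bind ownership to var/cache/bind, var/log and var/run is the usual
# hardening - confirm the service template does not depend on this.
- name: Set the good rights
  file:
    path: "{{ bind_chroot_root }}"
    state: directory
    owner: bind
    group: bind
    recurse: true
  notify: restart bind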