yaml lint and quoting standardisation for bind role
parent
2bbebded9e
commit
6118dda7c9
|
@ -2,8 +2,8 @@
|
||||||
bind_recursive_server: false
|
bind_recursive_server: false
|
||||||
bind_authoritative_server: true
|
bind_authoritative_server: true
|
||||||
bind_chroot_set: true
|
bind_chroot_set: true
|
||||||
bind_chroot_path: /var/chroot-bind
|
bind_chroot_path: '/var/chroot-bind'
|
||||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
bind_systemd_service_path: '/etc/systemd/system/bind9.service'
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: '/var/run/named.stats'
|
||||||
bind_log_file: /var/log/bind.log
|
bind_log_file: '/var/log/bind.log'
|
||||||
bind_query_file: /var/log/bind_queries.log
|
bind_query_file: '/var/log/bind_queries.log'
|
||||||
|
|
|
@ -1,14 +1,13 @@
|
||||||
---
|
---
|
||||||
- name: reload systemd
|
- name: 'reload systemd'
|
||||||
command: systemctl daemon-reload
|
command: 'systemctl daemon-reload'
|
||||||
|
|
||||||
- name: restart bind
|
- name: 'restart bind'
|
||||||
service:
|
service:
|
||||||
name: bind9
|
name: 'bind9'
|
||||||
state: restarted
|
state: 'restarted'
|
||||||
|
|
||||||
- name: restart munin-node
|
- name: 'restart munin-node'
|
||||||
service:
|
service:
|
||||||
name: munin-node
|
name: 'munin-node'
|
||||||
state: restarted
|
state: 'restarted'
|
||||||
|
|
||||||
|
|
|
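Review bot: The `reload systemd` handler still shells out with `command: 'systemctl daemon-reload'`, which Ansible cannot reason about the way it can a module call. If the Ansible version this role targets provides the `systemd` module with a stand-alone reload, `systemd:` with `daemon_reload: true` expresses the same thing without a raw command. This is a style point only; the quoting change in this section looks consistent.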
@ -1,84 +1,86 @@
|
||||||
- name: package are installed
|
---
|
||||||
|
|
||||||
|
- name: 'packages are installed'
|
||||||
apt:
|
apt:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: 'present'
|
||||||
with_items:
|
with_items:
|
||||||
- bind9
|
- 'bind9'
|
||||||
- dnstop
|
- 'dnstop'
|
||||||
|
|
||||||
- name: Set bind configuration for recursive server
|
- name: 'Set bind configuration for recursive server'
|
||||||
template:
|
template:
|
||||||
src: named.conf.options_recursive.j2
|
src: 'named.conf.options_recursive.j2'
|
||||||
dest: /etc/bind/named.conf.options
|
dest: '/etc/bind/named.conf.options'
|
||||||
owner: bind
|
owner: 'bind'
|
||||||
group: bind
|
group: 'bind'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server
|
||||||
|
|
||||||
- name: enable zones.rfc1918 for recursive server
|
- name: 'enable zones.rfc1918 for recursive server'
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/bind/named.conf.local
|
dest: '/etc/bind/named.conf.local'
|
||||||
line: 'include "/etc/bind/zones.rfc1918";'
|
line: 'include "/etc/bind/zones.rfc1918";'
|
||||||
regexp: "zones.rfc1918"
|
regexp: 'zones.rfc1918'
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server
|
||||||
|
|
||||||
- name: Set bind configuration for authoritative server
|
- name: 'Set bind configuration for authoritative server'
|
||||||
template:
|
template:
|
||||||
src: named.conf.options_authoritative.j2
|
src: 'named.conf.options_authoritative.j2'
|
||||||
dest: /etc/bind/named.conf.options
|
dest: '/etc/bind/named.conf.options'
|
||||||
owner: bind
|
owner: 'bind'
|
||||||
group: bind
|
group: 'bind'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: bind_authoritative_server
|
when: bind_authoritative_server
|
||||||
|
|
||||||
- name: Create systemd service
|
- name: 'Create systemd service'
|
||||||
template:
|
template:
|
||||||
src: bind9.service.j2
|
src: 'bind9.service.j2'
|
||||||
dest: "{{ bind_systemd_service_path }}"
|
dest: "{{ bind_systemd_service_path }}"
|
||||||
owner: root
|
owner: 'root'
|
||||||
group: root
|
group: 'root'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify:
|
notify:
|
||||||
- reload systemd
|
- 'reload systemd'
|
||||||
- restart bind
|
- 'restart bind'
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- name: touch /var/log/bind.log if non chroot
|
- name: 'touch /var/log/bind.log if non chroot'
|
||||||
file:
|
file:
|
||||||
path: /var/log/bind.log
|
path: '/var/log/bind.log'
|
||||||
owner: bind
|
owner: 'bind'
|
||||||
group: adm
|
group: 'adm'
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
state: touch
|
state: 'touch'
|
||||||
when: not bind_chroot_set
|
when: not bind_chroot_set
|
||||||
|
|
||||||
- name: touch /var/log/bind_queries.log if non chroot
|
- name: 'touch /var/log/bind_queries.log if non chroot'
|
||||||
file:
|
file:
|
||||||
path: /var/log/bind_queries.log
|
path: '/var/log/bind_queries.log'
|
||||||
owner: bind
|
owner: 'bind'
|
||||||
group: adm
|
group: 'adm'
|
||||||
mode: "0640"
|
mode: '0640'
|
||||||
state: touch
|
state: 'touch'
|
||||||
when: not bind_chroot_set
|
when: not bind_chroot_set
|
||||||
|
|
||||||
- name: send chroot-bind.sh in /root
|
- name: 'send chroot-bind.sh in /root'
|
||||||
copy:
|
copy:
|
||||||
src: chroot-bind.sh
|
src: 'chroot-bind.sh'
|
||||||
dest: /root/chroot-bind.sh
|
dest: '/root/chroot-bind.sh'
|
||||||
mode: "0700"
|
mode: '0700'
|
||||||
owner: root
|
owner: 'root'
|
||||||
force: true
|
force: true
|
||||||
backup: true
|
backup: true
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set
|
||||||
|
|
||||||
- name: exec chroot-bind.sh
|
- name: 'exec chroot-bind.sh'
|
||||||
command: "/root/chroot-bind.sh"
|
command: '/root/chroot-bind.sh'
|
||||||
register: chrootbind_run
|
register: chrootbind_run
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set
|
||||||
|
@ -87,34 +89,34 @@
|
||||||
var: chrootbind_run.stdout_lines
|
var: chrootbind_run.stdout_lines
|
||||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
when: bind_chroot_set and chrootbind_run.stdout != ""
|
||||||
|
|
||||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
- name: 'Modify OPTIONS in /etc/default/bind9 for chroot'
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/default/bind9
|
dest: '/etc/default/bind9'
|
||||||
regexp: '^OPTIONS=.*'
|
regexp: '^OPTIONS=.*'
|
||||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set
|
||||||
|
|
||||||
- name: logrotate for non chroot bind
|
- name: 'logrotate for non chroot bind'
|
||||||
template:
|
template:
|
||||||
src: logrotate_bind
|
src: 'logrotate_bind'
|
||||||
dest: /etc/logrotate.d/bind9
|
dest: '/etc/logrotate.d/bind9'
|
||||||
owner: root
|
owner: 'root'
|
||||||
group: root
|
group: 'root'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: not bind_chroot_set
|
when: not bind_chroot_set
|
||||||
|
|
||||||
- name: logrotate for chroot bind
|
- name: 'logrotate for chroot bind'
|
||||||
template:
|
template:
|
||||||
src: logrotate_bind_chroot.j2
|
src: 'logrotate_bind_chroot.j2'
|
||||||
dest: /etc/logrotate.d/bind9
|
dest: '/etc/logrotate.d/bind9'
|
||||||
owner: root
|
owner: 'root'
|
||||||
group: root
|
group: 'root'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify: restart bind
|
notify: 'restart bind'
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set
|
||||||
|
|
||||||
- include: munin.yml
|
- include: 'munin.yml'
|
||||||
|
|
|
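Review bot: Both "Set bind configuration …" tasks in the first hunk install `/etc/bind/named.conf.options` with `owner: 'bind'`, and the OPTIONS line in the second hunk runs named as `-u bind`, so the daemon account can rewrite its own options file if the service is ever compromised. Unless something outside this page needs bind to write there, I would use `owner: 'root'`, `group: 'bind'`, `mode: '0644'`, which keeps the file readable by the daemon but not writable. Separately, the two touch tasks hard-code `/var/log/bind.log` and `/var/log/bind_queries.log` although the defaults in this commit define `bind_log_file` and `bind_query_file`. Using `path: "{{ bind_log_file }}"` and `path: "{{ bind_query_file }}"` would keep the tasks in step when those variables are overridden.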
@ -1,23 +1,23 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: is Munin present ?
|
- name: 'is Munin present ?'
|
||||||
stat:
|
stat:
|
||||||
path: /etc/munin/plugin-conf.d/munin-node
|
path: '/etc/munin/plugin-conf.d/munin-node'
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: munin_node_plugins_config
|
register: munin_node_plugins_config
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
- name: Enable munin plugins for authoritative server
|
- name: 'Enable munin plugins for authoritative server'
|
||||||
file:
|
file:
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
state: link
|
state: 'link'
|
||||||
with_items:
|
with_items:
|
||||||
- bind9
|
- 'bind9'
|
||||||
- bind9_rndc
|
- 'bind9_rndc'
|
||||||
notify: restart munin-node
|
notify: 'restart munin-node'
|
||||||
when:
|
when:
|
||||||
- bind_authoritative_server
|
- bind_authoritative_server
|
||||||
- munin_node_plugins_config.stat.exists
|
- munin_node_plugins_config.stat.exists
|
||||||
|
@ -25,15 +25,15 @@
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
- name: Enable munin plugins for recursive server
|
- name: 'Enable munin plugins for recursive server'
|
||||||
file:
|
file:
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
state: link
|
state: 'link'
|
||||||
with_items:
|
with_items:
|
||||||
- bind9
|
- 'bind9'
|
||||||
- bind9_rndc
|
- 'bind9_rndc'
|
||||||
notify: restart munin-node
|
notify: 'restart munin-node'
|
||||||
when:
|
when:
|
||||||
- bind_recursive_server
|
- bind_recursive_server
|
||||||
- munin_node_plugins_config.stat.exists
|
- munin_node_plugins_config.stat.exists
|
||||||
|
@ -41,15 +41,15 @@
|
||||||
- bind
|
- bind
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
- name: Add munin plugin configuration
|
- name: 'Add munin plugin configuration'
|
||||||
template:
|
template:
|
||||||
src: munin-env_bind9.j2
|
src: 'munin-env_bind9.j2'
|
||||||
dest: /etc/munin/plugin-conf.d/bind9
|
dest: '/etc/munin/plugin-conf.d/bind9'
|
||||||
owner: root
|
owner: 'root'
|
||||||
group: root
|
group: 'root'
|
||||||
mode: "0644"
|
mode: '0644'
|
||||||
force: true
|
force: true
|
||||||
notify: restart munin-node
|
notify: 'restart munin-node'
|
||||||
when: munin_node_plugins_config.stat.exists
|
when: munin_node_plugins_config.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- bind
|
- bind
|
||||||
|
|
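Review bot: The `tags:` entries (`- bind`, `- munin`) stay bare in all three hunks while the neighbouring `with_items` entries and `notify` values are now single-quoted, so the file ends up with two conventions for lists of plain strings. If the aim is uniform quoting, write `- 'bind'` and `- 'munin'`; if tags are deliberately exempt, say so in the commit message. The tag lists at the start of the second and third hunks and at the end of the third belong to tasks that are only partly visible here, so I can only judge the lines shown.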