chore: fix syntax for ansible-lint

This commit is contained in:
Adrien Waksberg 2023-06-30 11:16:45 +02:00
parent 02016bdaac
commit 2ec8fbfa46
5 changed files with 66 additions and 69 deletions


@ -1,10 +1,10 @@
--- ---
- name: restart bind - name: Restart bind
service: ansible.builtin.service:
name: bind9 name: bind9
state: restarted state: restarted
- name: reload bind - name: Reload bind
service: ansible.builtin.service:
name: bind9 name: bind9
state: reloaded state: reloaded


@ -1,38 +1,32 @@
--- ---
- name: install packages for bind9 - name: Install packages for bind9
apt: ansible.builtin.package:
name: '{{ packages }}' name:
state: present
vars:
packages:
- bind9 - bind9
- bind9-host - bind9-host
- cron - cron
register: result state: present
retries: 3
delay: 1
until: result is success
- name: create zone directory - name: Create zone directory
file: ansible.builtin.file:
path: /etc/bind/zones path: /etc/bind/zones
owner: bind owner: bind
group: bind group: bind
mode: 0700 mode: 0700
state: directory state: directory
- name: create log directory - name: Create log directory
file: ansible.builtin.file:
path: /var/log/named path: /var/log/named
owner: bind owner: bind
group: bind group: bind
mode: 0700 mode: 0700
state: directory state: directory
- name: copy bind configuration files - name: Copy bind configuration files
template: ansible.builtin.template:
src: '{{ item }}.j2' src: "{{ item }}.j2"
dest: '/etc/bind/{{ item }}' dest: "/etc/bind/{{ item }}"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
@ -40,18 +34,18 @@
- named.conf - named.conf
- named.conf.options - named.conf.options
- named.conf.local - named.conf.local
notify: restart bind notify: Restart bind
- name: create keys directory - name: Create keys directory
file: ansible.builtin.file:
path: /etc/bind/keys path: /etc/bind/keys
owner: root owner: root
group: bind group: bind
mode: 0750 mode: 0750
state: directory state: directory
- name: add cron dnssec - name: Add cron dnssec
template: ansible.builtin.template:
src: dnssec.j2 src: dnssec.j2
dest: /etc/cron.weekly/dnssec dest: /etc/cron.weekly/dnssec
owner: root owner: root
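Review bot: The retry loop around the package install is gone on the new side: `register: result`, `retries: 3`, `delay: 1` and `until: result is success` have no counterpart next to the new `ansible.builtin.package` task (the rendered view has lost the +/- markers, but those four lines appear only in the old column), which is a behaviour change the "fix syntax" title does not announce — either restore them under the new task or state the removal in the commit message. The `mode: 0700`, `0644` and `0750` values stay as bare octal literals; ansible-lint's risky-octal rule wants them quoted, e.g. `mode: "0700"`, and the same applies to the mode values in the keys.yml and zones.yml sections of this commit. The Add cron dnssec task at the end of this section continues outside the hunk.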


@ -1,6 +1,6 @@
--- ---
- name: copy private key - name: Copy private key
copy: ansible.builtin.copy:
dest: "/etc/bind/keys/K{{ item.0 }}.\ dest: "/etc/bind/keys/K{{ item.0 }}.\
+{{ '00{}'.format(bind_dnssec[item.0][item.1].algorithm)[-3:] }}\ +{{ '00{}'.format(bind_dnssec[item.0][item.1].algorithm)[-3:] }}\
+{{ bind_dnssec[item.0][item.1].tag }}.private" +{{ bind_dnssec[item.0][item.1].tag }}.private"
@ -9,14 +9,14 @@
group: bind group: bind
mode: 0640 mode: 0640
no_log: true no_log: true
loop: '{{ bind_dnssec|product(file_ext)|list }}' loop: '{{ bind_dnssec | product(file_ext) | list }}'
vars: vars:
file_ext: file_ext:
- ksk - ksk
- zsk - zsk
- name: copy public key - name: Copy public key
template: ansible.builtin.template:
src: public.key.j2 src: public.key.j2
dest: "/etc/bind/keys/K{{ item.0 }}.\ dest: "/etc/bind/keys/K{{ item.0 }}.\
+{{ '00{}'.format(bind_dnssec[item.0][item.1].algorithm)[-3:] }}\ +{{ '00{}'.format(bind_dnssec[item.0][item.1].algorithm)[-3:] }}\
@ -25,7 +25,7 @@
group: bind group: bind
mode: 0640 mode: 0640
no_log: true no_log: true
loop: '{{ bind_dnssec|product(file_ext)|list }}' loop: '{{ bind_dnssec | product(file_ext) | list }}'
vars: vars:
file_ext: file_ext:
- ksk - ksk


@ -1,16 +1,19 @@
--- ---
- import_tasks: base.yml - name: Import base tasks
ansible.builtin.import_tasks: base.yml
tags: bind tags: bind
- import_tasks: keys.yml - name: Import keys tasks
ansible.builtin.import_tasks: keys.yml
tags: bind tags: bind
- import_tasks: zones.yml - name: Import zones tasks
ansible.builtin.import_tasks: zones.yml
tags: bind tags: bind
- name: enable and start bind9 - name: Enable and start bind9
service: ansible.builtin.service:
name: bind9 name: bind9
enabled: yes enabled: true
state: started state: started
tags: bind tags: bind


@ -1,64 +1,64 @@
--- ---
- name: set fact bind_zone_play if it empty - name: Set fact bind_zone_play if it empty
set_fact: ansible.builtin.set_fact:
bind_zones_play: '{{ bind_zones_play|default([]) + [ item ] }}' bind_zones_play: "{{ bind_zones_play | default([]) + [item] }}"
loop: '{{ bind_zones|dict2items }}' loop: "{{ bind_zones | dict2items }}"
loop_control: loop_control:
label: '{{ item.key }}' label: "{{ item.key }}"
when: > when: >
(item.value.state is not defined or item.value.state != 'absent') (item.value.state is not defined or item.value.state != "absent")
and (bind_zones_subset is not defined or item.key in bind_zones_subset) and (bind_zones_subset is not defined or item.key in bind_zones_subset)
- name: create zone folder - name: Create zone folder
file: ansible.builtin.file:
path: '/etc/bind/zones/{{ item.key }}' path: "/etc/bind/zones/{{ item.key }}"
owner: bind owner: bind
group: bind group: bind
mode: 0755 mode: 0755
state: directory state: directory
loop_control: loop_control:
label: '{{ item.key }}' label: "{{ item.key }}"
loop: '{{ bind_zones_play }}' loop: "{{ bind_zones_play }}"
- name: copy zone files - name: Copy zone files
template: ansible.builtin.template:
src: db.j2 src: db.j2
dest: '/etc/bind/zones/{{ item.key }}/db' dest: "/etc/bind/zones/{{ item.key }}/db"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
loop: '{{ bind_zones_play }}' loop: "{{ bind_zones_play }}"
loop_control: loop_control:
label: '{{ item.key }}' label: "{{ item.key }}"
register: zone register: zone
notify: reload bind notify: Reload bind
- name: dnssec sign - name: Dnssec sign # noqa risky-shell-pipe no-changed-when
shell: > ansible.builtin.shell: >
dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT
-o {{ item.item.key }} -t /etc/bind/zones/{{ item.item.key }}/db -o {{ item.item.key }} -t /etc/bind/zones/{{ item.item.key }}/db
args: args:
chdir: /etc/bind/keys chdir: /etc/bind/keys
loop: '{{ zone.results }}' loop: "{{ zone.results }}"
loop_control: loop_control:
label: '{{ item.item.key }}' label: "{{ item.item.key }}"
when: item.item.key in bind_dnssec and item.changed when: item.item.key in bind_dnssec and item.changed
notify: reload bind notify: Reload bind
- name: get zones files - name: Get zones files
find: ansible.builtin.find:
path: /etc/bind/zones path: /etc/bind/zones
file_type: directory file_type: directory
recurse: no recurse: no
register: zone_folders register: zone_folders
- name: delete old zone file - name: Delete old zone file
file: ansible.builtin.file:
path: '{{ item.path }}' path: "{{ item.path }}"
state: absent state: absent
loop: '{{ zone_folders.files }}' loop: "{{ zone_folders.files }}"
loop_control: loop_control:
label: '{{ item.path|basename }}' label: "{{ item.path | basename }}"
when: > when: >
item.path|basename not in bind_zones or item.path|basename not in bind_zones or
('state' in bind_zones[item.path|basename] and bind_zones[item.path|basename].state == 'absent') ("state" in bind_zones[item.path | basename] and bind_zones[item.path | basename].state == "absent")
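Review bot: `recurse: no` on the Get zones files task is still written with a YAML 1.1 truthy value, while the same commit rewrites `enabled: yes` as `true` in the main.yml section; the yaml[truthy] check keeps flagging it, so change it to `recurse: false`. On the Dnssec sign task the `# noqa ... no-changed-when` hides a report the task can answer directly: it only runs when `item.changed` is true and it notifies a handler, so `changed_when: true` describes the outcome and makes the noqa for that rule unnecessary. The same task interpolates the zone key into the shell line bare; since the keys come from the role's `bind_zones` variable this is hardening rather than an observed fault, but `-o {{ item.item.key | quote }}` and `/etc/bind/zones/{{ item.item.key | quote }}/db` keep a key containing shell metacharacters from being interpreted by the shell.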