nishiki/ansible-role-bind
1
0
Fork 0
Code Issues Pull requests Releases 2 Activity Actions

feat: add bind_zones_subnet for extra-vars

Browse source
This commit is contained in:
Adrien Waksberg 2018-05-26 09:51:21 +02:00
parent 052f1badd3
commit 346b771c9f
6 changed files with 119 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.kitchen.yml
View file

@ -25,3 +25,8 @@ platforms:
suites: suites:
- name: bind - name: bind
- name: bind-zones-subset
provisioner:
extra_vars:
bind_zones_subset:
- test.local

9
.travis.yml
View file

@ -13,9 +13,12 @@ before_install:
- bundle install - bundle install
script: script:
- kitchen conv - kitchen conv bind
- kitchen conv | grep changed=0 - kitchen conv bind | grep changed=0
- kitchen verify - kitchen verify bind
- kitchen conv bind-zones-subset
- kitchen conv bind-zones-subset | grep changed=0
- kitchen verify bind-zones-subset
notifications: notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/ webhooks: https://galaxy.ansible.com/api/v1/notifications/

1
README.md
View file

@ -22,6 +22,7 @@ This role can work on Debian derived OS, but it's not our priority.
* `bind_role` - the role `master` or `slave`, don't generate dnssec key on `slave` * `bind_role` - the role `master` or `slave`, don't generate dnssec key on `slave`
* `bind_options` - hash general bind options * `bind_options` - hash general bind options
* `bind_zones` - the dns zones * `bind_zones` - the dns zones
* `bind_zones_subset` array to use in `extra-vars` with the list zones to update
* `bind_listen_ipv4` - enable or disable ip v4 support (default: true) * `bind_listen_ipv4` - enable or disable ip v4 support (default: true)
* `bind_listen_ipv6` - enable or disable ip v6 support (default: true) * `bind_listen_ipv6` - enable or disable ip v6 support (default: true)

11
tasks/zones.yml
View file

@ -1,3 +1,8 @@
- set_fact:
bind_zones_play: '{{ bind_zones_play|default([]) + [ item ] }}'
with_dict: '{{ bind_zones }}'
when: (item.value.state is not defined or item.value.state != 'absent') and (bind_zones_subset is not defined or item.key in bind_zones_subset)
- name: create zone folder - name: create zone folder
file: file:
path: '/etc/bind/zones/{{ item.key }}' path: '/etc/bind/zones/{{ item.key }}'
@ -5,8 +10,7 @@
group: bind group: bind
mode: 0755 mode: 0755
state: directory state: directory
with_dict: '{{ bind_zones }}' with_items: '{{ bind_zones_play }}'
when: item.value.state is not defined or item.value.state != 'absent'
- name: copy zone files - name: copy zone files
template: template:
@ -15,9 +19,8 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
with_dict: '{{ bind_zones }}' with_items: '{{ bind_zones_play }}'
register: zone register: zone
when: item.value.state is not defined or item.value.state != 'absent'
notify: reload bind notify: reload bind
- name: dnssec sign - name: dnssec sign

1
test/integration/bind-zones-subset/default.yml Symbolic link
View file

@ -0,0 +1 @@
../bind/default.yml

99
test/integration/bind-zones-subset/serverspec/bind_spec.rb Normal file
View file

@ -0,0 +1,99 @@
require 'serverspec'
set :backend, :exec
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
%w[
bind9
cron
].each do |package|
describe package(package) do
it { should be_installed }
end
end
describe file('/etc/bind/zones/test.local') do
it { should be_directory }
it { should be_mode 755 }
it { should be_owned_by 'bind' }
it { should be_grouped_into 'bind' }
end
describe file('/etc/bind/zones/test.local/db') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/bind/zones/test.local/db.signed') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
%w[
absent.local
hello.local
disabled.local
].each do |zone|
describe file("/etc/bind/zones/#{zone}") do
it { should_not exist }
end
end
describe file('/etc/bind/named.conf.local') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain '4.2.2.4' }
it { should contain 'inline-signing yes;' }
end
describe file('/etc/bind/named.conf.options') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should contain 'listen-on { any; };' }
it { should contain 'listen-on-v6 { none; };' }
it { should contain 'server-id "1";' }
end
describe service('bind9') do
it { should be_enabled }
it { should be_running.under('systemd') }
end
describe port(53) do
it { should be_listening.with('tcp') }
it { should be_listening.with('udp') }
end
describe command('dig +nocmd +noall +answer +dnssec hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+A\s+1\.2\.3\.4/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+300\s+IN\s+RRSIG\s+A /) }
end
describe command('dig +nocmd +noall +answer -t mx test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/test\.local\.\s+3600\s+IN\s+MX\s+20 mail\.test\.local\./) }
end
describe command('dig +nocmd +noall +answer -t srv hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+SRV\s+0\s+5\s+80\s+www\.test\.local\.$/) }
end
describe command('dig +nocmd +noall +answer -t caa hello.test.local @127.0.0.1') do
its(:exit_status) { should eq 0 }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 issue "letsencrypt\.org"/) }
its(:stdout) { should contain(/hello\.test\.local\.\s+3600\s+IN\s+CAA\s+0 iodef "mailto:root@test\.local"/) }
end