feat: remove old zones files
This commit is contained in:
parent
62fd27111e
commit
3716a1ac8a
5 changed files with 76 additions and 9 deletions
|
|
@ -63,6 +63,7 @@ bind_zones:
|
|||
mail: root@hello.local
|
||||
serial: 2017092201
|
||||
dnssec: no
|
||||
state: disabled
|
||||
records:
|
||||
- { name: '@', type: ns, value: localhost. }
|
||||
- { name: hello, type: a, value: 4.3.2.1 }
|
||||
|
|
|
|||
|
|
@ -1,18 +1,44 @@
|
|||
- name: create zone folder
|
||||
file:
|
||||
path: '/etc/bind/zones/{{ item.key }}'
|
||||
owner: bind
|
||||
group: bind
|
||||
mode: 0755
|
||||
state: directory
|
||||
with_dict: '{{ bind_zones }}'
|
||||
when: item.value.state is not defined or item.value.state != 'absent'
|
||||
|
||||
- name: copy zone files
|
||||
template:
|
||||
src: db.j2
|
||||
dest: '/etc/bind/zones/db.{{ item.key }}'
|
||||
dest: '/etc/bind/zones/{{ item.key }}/db'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_dict: '{{ bind_zones }}'
|
||||
register: zone
|
||||
when: item.value.state is not defined or item.value.state != 'absent'
|
||||
notify: reload bind
|
||||
|
||||
- name: dnssec sign
|
||||
shell: 'dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT -o {{ item.item.key }} -t /etc/bind/zones/db.{{ item.item.key }}'
|
||||
shell: 'dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT -o {{ item.item.key }} -t /etc/bind/zones/{{ item.item.key }}/db'
|
||||
args:
|
||||
chdir: /etc/bind/keys
|
||||
with_items: '{{ zone.results }}'
|
||||
when: item.changed and item.item.value.dnssec is defined and item.item.value.dnssec
|
||||
notify: reload bind
|
||||
|
||||
- name: get zones files
|
||||
find:
|
||||
path: /etc/bind/zones
|
||||
file_type: directory
|
||||
recurse: no
|
||||
register: zone_folders
|
||||
|
||||
- name: delete old zone file
|
||||
file:
|
||||
path: '{{ item.path }}'
|
||||
state: absent
|
||||
with_items: '{{ zone_folders.files }}'
|
||||
when: item.path|basename not in bind_zones or ('state' in bind_zones[item.path|basename] and bind_zones[item.path|basename].state == 'absent')
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
# {{ ansible_managed }}
|
||||
{% for zone, value in bind_zones.iteritems() %}
|
||||
{% if 'state' not in value or value.state|lower not in ['disabled', 'absent'] %}
|
||||
|
||||
zone "{{ zone }}" IN {
|
||||
type master;
|
||||
{% if 'dnssec' in value and value.dnssec %}
|
||||
file "/etc/bind/zones/db.{{ zone }}.signed";
|
||||
file "/etc/bind/zones/{{ zone }}/db.signed";
|
||||
{% else %}
|
||||
file "/etc/bind/zones/db.{{ zone }}";
|
||||
file "/etc/bind/zones/{{ zone }}/db";
|
||||
{% endif %}
|
||||
{% if 'allow_transfer' in value and value.dnssec %}
|
||||
allow-transfer {
|
||||
|
|
@ -21,4 +22,5 @@ zone "{{ zone }}" IN {
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
};
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
|
|
|||
|
|
@ -38,6 +38,26 @@
|
|||
- { name: '@', type: ns, value: localhost. }
|
||||
- { name: '@', type: txt, value: RFufr9qzCi9vnJeWUB2FMNDCtu8ZtP6WE2jl2OFvIiz6pv2dwfzEXBgTC8SI1UzsmlkFYS7vxkHeYuOCLQ95BkOl0YP85ejQQlz8DNbcMcUdAoDtmlaZ9jeXnU7RgCXs5F9ggsmM9B6mFMhZWo1lzwsX86UAR5nw7rIO3cbGo9oUcMTShVFDkTPnoNhP7MTE0L4M99yv8ZLptmS2GP6goHXZgTdFIyYCdfziQgoENcloUI3KshDscsoh6H6I2LA }
|
||||
- { name: hello, type: a, value: 4.3.2.1 }
|
||||
disabled.local:
|
||||
ns_primary: ns1.disabled.local
|
||||
mail: root@disabled.local
|
||||
serial: 2017092201
|
||||
dnssec: no
|
||||
state: disabled
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
absent.local:
|
||||
ns_primary: ns1.absent.local
|
||||
mail: root@absent.local
|
||||
serial: 2017092201
|
||||
dnssec: no
|
||||
state: absent
|
||||
records:
|
||||
- { name: '@', type: mx, priority: 20, value: mail.test.local. }
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
roles:
|
||||
- ansible-role-bind
|
||||
|
|
|
|||
|
|
@ -17,11 +17,18 @@ puts '================================'
|
|||
end
|
||||
|
||||
%w[
|
||||
db.test.local
|
||||
db.test.local.signed
|
||||
db.hello.local
|
||||
].each do |file|
|
||||
describe file("/etc/bind/zones/#{file}") do
|
||||
test.local
|
||||
hello.local
|
||||
disabled.local
|
||||
].each do |zone|
|
||||
describe file("/etc/bind/zones/#{zone}") do
|
||||
it { should be_directory }
|
||||
it { should be_mode 755 }
|
||||
it { should be_owned_by 'bind' }
|
||||
it { should be_grouped_into 'bind' }
|
||||
end
|
||||
|
||||
describe file("/etc/bind/zones/#{zone}/db") do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
|
|
@ -29,6 +36,17 @@ end
|
|||
end
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/test.local/db.signed') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
it { should be_owned_by 'root' }
|
||||
it { should be_grouped_into 'root' }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/zones/absent.local') do
|
||||
it { should_not exist }
|
||||
end
|
||||
|
||||
describe file('/etc/bind/named.conf.local') do
|
||||
it { should be_file }
|
||||
it { should be_mode 644 }
|
||||
|
|
|
|||
Loading…
Reference in a new issue