feat: split main file

This commit is contained in:
Adrien Waksberg 2018-03-28 17:45:57 +02:00
parent 76f6121fa6
commit dff7e4adc0
4 changed files with 66 additions and 86 deletions

45
tasks/base.yml Normal file

@ -0,0 +1,45 @@
- name: install packages for bind9
apt:
name: '{{ item }}'
state: present
with_items:
- bind9
- bind9-host
- cron
- name: create zone directory
file:
path: /etc/bind/zones
owner: bind
group: bind
mode: 0700
state: directory
- name: create log directory
file:
path: /var/log/named
owner: bind
group: bind
mode: 0700
state: directory
- name: copy bind configuration files
template:
src: '{{ item }}.j2'
dest: '/etc/bind/{{ item }}'
owner: root
group: root
mode: 0644
with_items:
- named.conf
- named.conf.options
- named.conf.local
notify: restart bind
- name: create keys directory
file:
path: /etc/bind/keys
owner: root
group: bind
mode: 0750
state: directory
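Review bot: The file modes in this new file are unquoted octal integers (`mode: 0700` on the zone and log directories, `0644` on the config templates, `0750` on the keys directory), which depends on YAML 1.1 parsing the leading zero as octal; Ansible's own guidance is to quote them (`mode: '0700'`, `mode: '0644'`, `mode: '0750'`) so that a later edit to `700` cannot silently become decimal 700. The `tags: bind` lines were dropped from every task here and are now supplied only by the `include` in main.yml, which works for a static include/`import_tasks` but would stop applying if this is ever switched to a dynamic `include_tasks`, where tags on the include do not propagate to the included tasks. A one-line header such as `# Tagged 'bind' via the include in main.yml; do not convert to include_tasks without `apply: {tags: [bind]}`` would make that coupling visible to the next maintainer.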


@ -4,7 +4,6 @@
with_dict: '{{ bind_zones }}' with_dict: '{{ bind_zones }}'
when: item.value.dnssec is defined and item.value.dnssec when: item.value.dnssec is defined and item.value.dnssec
register: st register: st
tags: bind
- name: generated keys for dnssec 1/2 - name: generated keys for dnssec 1/2
shell: 'dnssec-keygen -a RSASHA256 -b 2048 -r /dev/urandom -n ZONE {{ item.item.key }}' shell: 'dnssec-keygen -a RSASHA256 -b 2048 -r /dev/urandom -n ZONE {{ item.item.key }}'
@ -13,7 +12,6 @@
with_items: '{{ st.results }}' with_items: '{{ st.results }}'
when: item.stat is defined and not item.stat.exists when: item.stat is defined and not item.stat.exists
register: stdout register: stdout
tags: bind
- name: move key file 1/2 - name: move key file 1/2
copy: copy:
@ -27,7 +25,6 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind
- name: link key file 1/2 - name: link key file 1/2
file: file:
@ -40,7 +37,6 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind
- name: remove old key file 1/2 - name: remove old key file 1/2
file: file:
@ -50,7 +46,6 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind
- name: generated keys for dnssec 2/2 - name: generated keys for dnssec 2/2
shell: 'dnssec-keygen -f KSK -a RSASHA256 -b 4096 -r /dev/urandom -n ZONE {{ item.item.key }}' shell: 'dnssec-keygen -f KSK -a RSASHA256 -b 4096 -r /dev/urandom -n ZONE {{ item.item.key }}'
@ -59,7 +54,6 @@
with_items: '{{ st.results }}' with_items: '{{ st.results }}'
when: item.stat is defined and not item.stat.exists when: item.stat is defined and not item.stat.exists
register: stdout register: stdout
tags: bind
- name: move key file 2/2 - name: move key file 2/2
copy: copy:
@ -73,7 +67,6 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind
- name: link key file 2/2 - name: link key file 2/2
file: file:
@ -86,7 +79,6 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind
- name: remove old key file 2/2 - name: remove old key file 2/2
file: file:
@ -96,4 +88,3 @@
- '{{ stdout.results }}' - '{{ stdout.results }}'
- ['key', 'private'] - ['key', 'private']
when: not item[0].skipped is defined when: not item[0].skipped is defined
tags: bind


@ -1,87 +1,13 @@
- name: install packages for bind9 - include: base.yml
apt:
name: '{{ item }}'
state: present
with_items:
- bind9
- bind9-host
- cron
tags: bind
- name: create zone directory
file:
path: /etc/bind/zones
owner: bind
group: bind
mode: 0700
state: directory
tags: bind
- name: create log directory
file:
path: /var/log/named
owner: bind
group: bind
mode: 0700
state: directory
tags: bind
- name: copy bind configuration files
template:
src: '{{ item }}.j2'
dest: '/etc/bind/{{ item }}'
owner: root
group: root
mode: 0644
with_items:
- named.conf
- named.conf.options
- named.conf.local
notify: restart bind
tags: bind
- name: create keys directory
file:
path: /etc/bind/keys
owner: root
group: bind
mode: 0750
state: directory
tags: bind tags: bind
- include: keys.yml - include: keys.yml
when: bind_role == 'master' when: bind_role == 'master'
- name: copy zone files
template:
src: db.j2
dest: '/etc/bind/zones/db.{{ item.key }}'
owner: root
group: root
mode: 0644
with_dict: '{{ bind_zones }}'
register: zone
notify: reload bind
tags: bind tags: bind
- name: dnssec sign - include: zones.yml
shell: 'dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT -o {{ item.item.key }} -t /etc/bind/zones/db.{{ item.item.key }}'
args:
chdir: /etc/bind/keys
with_items: '{{ zone.results }}'
when: item.changed and item.item.value.dnssec is defined and item.item.value.dnssec
notify: reload bind
tags: bind tags: bind
- name: add cron dnssec
template:
src: dnssec.j2
dest: /etc/cron.weekly/dnssec
owner: root
group: root
mode: 0700
tags: bind
- name: enable and start bind9 - name: enable and start bind9
service: service:
name: bind9 name: bind9
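Review bot: The `add cron dnssec` task that installed `/etc/cron.weekly/dnssec` is removed from this file but, as far as the four files in this commit show, is not re-added to `base.yml`, `keys.yml` or `zones.yml` (while `cron` is still installed by `base.yml`), so the weekly re-sign is lost by the split. Without it the signatures produced by the one-off `dnssec-signzone` run in `zones.yml` will expire (30 days by default) and validating resolvers will start failing the signed zones. Suggest restoring the task either in `zones.yml` or here after the zones include, keeping the original ownership and mode; if it is only meaningful where keys exist, the same `when: bind_role == 'master'` guard used on the keys include may be appropriate, but that is a behaviour change from the original and should be a separate decision. Separately, `include` has been deprecated since Ansible 2.4; `import_tasks` preserves the tag inheritance these three includes rely on, whereas `include_tasks` would not apply `tags: bind` to the included tasks. The `enable and start bind9` task that ends this hunk continues past the lines shown.
```yaml
# … unchanged: base.yml and keys.yml includes …
- include: zones.yml
  tags: bind
- name: add cron dnssec
  template:
    src: dnssec.j2
    dest: /etc/cron.weekly/dnssec
    owner: root
    group: root
    mode: '0700'
  tags: bind
# … unchanged: enable and start bind9 …
```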

18
tasks/zones.yml Normal file

@ -0,0 +1,18 @@
- name: copy zone files
template:
src: db.j2
dest: '/etc/bind/zones/db.{{ item.key }}'
owner: root
group: root
mode: 0644
with_dict: '{{ bind_zones }}'
register: zone
notify: reload bind
- name: dnssec sign
shell: 'dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT -o {{ item.item.key }} -t /etc/bind/zones/db.{{ item.item.key }}'
args:
chdir: /etc/bind/keys
with_items: '{{ zone.results }}'
when: item.changed and item.item.value.dnssec is defined and item.item.value.dnssec
notify: reload bind
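Review bot: In the `dnssec sign` task the zone name is interpolated unquoted into a `shell` command twice (`-o {{ item.item.key }}` and `db.{{ item.item.key }}`); the keys of `bind_zones` come from inventory or role variables rather than remote input, but a key containing shell metacharacters would still break or alter the command, and `{{ item.item.key | quote }}` in both places costs nothing. Signing is also gated on `item.changed`, i.e. it only runs when the rendered zone template changed, so RRSIG expiry is not handled in this file and depends on a periodic re-sign that does not appear in any file of this commit — confirm it still exists after the split. A header comment along the lines of `# Deploys zone files; DNSSEC signing runs only when a template changes, periodic re-signing is expected from the cron job` would make that dependency explicit. The unquoted `mode: 0644` on the zone template should be `'0644'` for the same YAML-octal reason that applies elsewhere in the role.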