ansible-role-bind/tasks/main.yml
2018-01-19 22:59:57 +01:00

90 lines
1.7 KiB
YAML

- name: install packages for bind9
apt:
name: '{{ item }}'
state: present
with_items:
- bind9
- bind9-host
- cron
tags: bind
- name: create zone directory
file:
path: /etc/bind/zones
owner: bind
group: bind
mode: 0700
state: directory
tags: bind
- name: create log directory
file:
path: /var/log/named
owner: bind
group: bind
mode: 0700
state: directory
tags: bind
- name: copy bind configuration files
template:
src: '{{ item }}.j2'
dest: '/etc/bind/{{ item }}'
owner: root
group: root
mode: 0644
with_items:
- named.conf
- named.conf.options
- named.conf.local
notify: restart bind
tags: bind
- name: create keys directory
file:
path: /etc/bind/keys
owner: root
group: bind
mode: 0750
state: directory
tags: bind
- include: keys.yml
when: bind_role == 'master'
- name: copy zone files
template:
src: db.j2
dest: '/etc/bind/zones/db.{{ item.key }}'
owner: root
group: root
mode: 0644
with_dict: '{{ bind_zones }}'
register: zone
notify: reload bind
tags: bind
- name: dnssec sign
shell: 'dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT -o {{ item.item.key }} -t /etc/bind/zones/db.{{ item.item.key }}'
args:
chdir: /etc/bind/keys
with_items: '{{ zone.results }}'
when: item.changed and item.item.value.dnssec is defined and item.item.value.dnssec
notify: reload bind
tags: bind
- name: add cron dnssec
template:
src: dnssec.j2
dest: /etc/cron.weekly/dnssec
owner: root
group: root
mode: 0700
tags: bind
- name: enable and start bind9
service:
name: bind9
enabled: yes
state: started
tags: bind