iiab/roles/network/tasks/named.yml

- name: "Install named packages: bind9, bind9utils (debuntu)"
  package:
    name:
      - bind9
      - bind9utils
    state: present
  when: is_debuntu | bool

- name: "Install named packages: bind, bind-utils (OS's other than debuntu)"
  package:
    name:
      - bind
      - bind-utils
    state: present
  when: not is_debuntu

# or we have to change the serial number in the config files.
- name: Stop named before copying files (if first_run and debuntu)
  service:
    name: "{{ dns_service }}"
    state: stopped
  when: first_run and is_debuntu

- name: "Set 3 folders' ownership to {{ dns_user }}:root and permission to 0755"
  file:
    path: "{{ item }}"
    owner: "{{ dns_user }}"
    group: root
    mode: '0755'
    state: directory
  with_items:
    - /var/named-iiab
    - /var/named-iiab/data
    - /etc/sysconfig/olpc-scripts/domain_config.d

- name: Install 21 configuration files for named, from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
    - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }

- name: Install named unit file /etc/systemd/system/{{ dns_service }}.service, which uses $OPTIONS from sysconfig
  template:
    src: "roles/network/templates/named/{{ dns_service }}.service"
    dest: "/etc/systemd/system/{{ dns_service }}.service"
    mode: '0644'

- name: "Install /etc/{{ apache_conf_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
#        in named-iiab.conf, and the redirection of 404 error documents to /
  template:
    src: roles/network/templates/named/dns-jail.conf
    dest: "/etc/{{ apache_conf_dir }}/"
  when: dns_jail_enabled | bool

- name: "Add 'named_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^named_installed'
    line: 'named_installed: True'

- name: Enable dns-jail.conf via Apache
  command: a2ensite dns-jail.conf
  when: dns_jail_enabled | bool

- name: Disable dns-jail.conf via Apache
  command: a2dissite: dns-jail.conf
  when: not dns_jail_enabled

- name: Start named systemd service
  systemd:
    name: "{{ dns_service }}"
    state: started
  when: not dnsmasq_enabled    # See PR #1303, #1306, PR #1318
Update named.yml 2018-10-31 18:02:37 +00:00			`- name: "Install named packages: bind9, bind9utils (debuntu)"`
Update named.yml 2018-07-20 09:16:57 +00:00			`package:`
Update named.yml 2018-10-28 16:07:44 +00:00			`name:`
			`- bind9`
			`- bind9utils`
Update named.yml 2018-07-20 09:16:57 +00:00			`state: present`
'\| bool' for Ansible 2.8; prep U18+ 2019-05-24 07:06:43 +00:00			`when: is_debuntu \| bool`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update named.yml 2018-10-31 18:02:37 +00:00			`- name: "Install named packages: bind, bind-utils (OS's other than debuntu)"`
Update named.yml 2018-07-20 09:16:57 +00:00			`package:`
Update named.yml 2018-10-28 16:07:44 +00:00			`name:`
			`- bind`
			`- bind-utils`
Update named.yml 2018-07-20 09:16:57 +00:00			`state: present`
patch 0002 2017-05-27 23:10:45 +00:00			`when: not is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`# or we have to change the serial number in the config files.`
Update named.yml 2018-10-08 22:40:11 +00:00			`- name: Stop named before copying files (if first_run and debuntu)`
Update named.yml 2018-07-20 09:16:57 +00:00			`service:`
			`name: "{{ dns_service }}"`
			`state: stopped`
stopping named after install but during upgrades is a bad idea 2017-11-09 22:10:32 +00:00			`when: first_run and is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update named.yml 2018-10-31 18:02:37 +00:00			`- name: "Set 3 folders' ownership to {{ dns_user }}:root and permission to 0755"`
Update named.yml 2018-07-20 09:16:57 +00:00			`file:`
			`path: "{{ item }}"`
			`owner: "{{ dns_user }}"`
			`group: root`
35 tasks/*.yml writing to iiab_state.yml 2020-01-12 22:06:24 +00:00			`mode: '0755'`
Update named.yml 2018-07-20 09:16:57 +00:00			`state: directory`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`- /var/named-iiab`
			`- /var/named-iiab/data`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- /etc/sysconfig/olpc-scripts/domain_config.d`

Update named.yml 2018-10-31 18:12:08 +00:00			`- name: Install 21 configuration files for named, from templates`
Update named.yml 2018-07-20 09:16:57 +00:00			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`owner: "{{ item.owner }}"`
			`group: root`
			`mode: "{{ item.mode }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
Update named.yml 2018-07-20 09:16:57 +00:00			`- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' }`
			`- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly`
Update named.yml 2018-07-20 09:16:57 +00:00			`- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }`
			`- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }`
			`- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update named.yml 2018-10-31 18:02:37 +00:00			`- name: Install named unit file /etc/systemd/system/{{ dns_service }}.service, which uses $OPTIONS from sysconfig`
Update named.yml 2018-07-20 09:16:57 +00:00			`template:`
			`src: "roles/network/templates/named/{{ dns_service }}.service"`
			`dest: "/etc/systemd/system/{{ dns_service }}.service"`
35 tasks/*.yml writing to iiab_state.yml 2020-01-12 22:06:24 +00:00			`mode: '0644'`
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: "Install /etc/{{ apache_conf_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`# in named-iiab.conf, and the redirection of 404 error documents to /`
Update named.yml 2018-07-20 09:16:57 +00:00			`template:`
			`src: roles/network/templates/named/dns-jail.conf`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`dest: "/etc/{{ apache_conf_dir }}/"`
'\| bool' for Ansible 2.8; prep U18+ 2019-05-24 07:06:43 +00:00			`when: dns_jail_enabled \| bool`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Cleaner ver: 35+1 files may write to iiab_state.yml 2020-01-12 23:15:33 +00:00			`- name: "Add 'named_installed: True' to {{ iiab_state_file }}"`
stage 4 installed 2019-10-16 14:39:08 +00:00			`lineinfile:`
Cleaner ver: 35+1 files may write to iiab_state.yml 2020-01-12 23:15:33 +00:00			`dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml`
stage 4 installed 2019-10-16 14:39:08 +00:00			`regexp: '^named_installed'`
			`line: 'named_installed: True'`
35 tasks/*.yml writing to iiab_state.yml 2020-01-12 22:06:24 +00:00
			`- name: Enable dns-jail.conf via Apache`
			`command: a2ensite dns-jail.conf`
			`when: dns_jail_enabled \| bool`

			`- name: Disable dns-jail.conf via Apache`
			`command: a2dissite: dns-jail.conf`
			`when: not dns_jail_enabled`
stage 4 installed 2019-10-16 14:39:08 +00:00
Update named.yml 2018-10-31 18:02:37 +00:00			`- name: Start named systemd service`
			`systemd:`
Update named.yml 2018-07-20 09:16:57 +00:00			`name: "{{ dns_service }}"`
			`state: started`
Update named.yml 2018-12-03 08:05:17 +00:00			`when: not dnsmasq_enabled # See PR #1303, #1306, PR #1318`