iiab/roles/network/tasks/named.yml

- name: Install named packages for Debian/Debuntu
  package: name={{ item }}
           state=present
  with_items:
   - bind9
   - bind9utils
  when: is_debuntu
  tags:
    - download

- name: Install named packages for non Debian/Debuntu
  package: name={{ item }}
           state=present
  with_items:
   - bind
   - bind-utils
  when: not is_debuntu
  tags:
    - download

# or we have to change the serial number in the config files.
#- name: Stop named before copying files
#  service: name={{ dns_service }} state=stopped
#  when: not installing

- name: Set folder permission
  file: path={{ item }}
        owner={{ dns_user }}
        group=root
        mode=0755
        state=directory
  with_items:
    - /var/named-iiab
    - /var/named-iiab/data
    - /etc/sysconfig/olpc-scripts/domain_config.d

- name: Configure named
  template: src={{ item.src }}
            dest={{ item.dest }}
            owner={{ item.owner }}
            group=root
            mode={{ item.mode }}
  with_items:
    - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
    - { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
    - { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
    - { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
    - { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
    - { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
    - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
    - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
    - { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
    - { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}

- name: Substitute our unit file which uses $OPTIONS from sysconfig
  template: src=named/{{ dns_service }}.service
            dest=/etc/systemd/system/{{ dns_service }}.service
            mode=0644

- name: The dns-jail redirect requires the named.blackhole,disabling recursion
#        in named-iiab.conf, and the redirection of 404 error documents to /
  template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
  when: dns_jail_enabled

- name: Separate enabling required for debian
  file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
        path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
        state=link
  when: is_debuntu and dns_jail_enabled

- name: Separate enabling/disabling required for Debian
  file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
        path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
        state=absent
  when: is_debuntu and not dns_jail_enabled

- name: Separate enabling/disabling required for non Debian
  file: path=/etc/{{ apache_config_dir }}/dns-jail.conf
        state=absent
  when: not is_debuntu and not dns_jail_enabled
More readable Ansible output 2017-10-27 15:53:43 +00:00			`- name: Install named packages for Debian/Debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`package: name={{ item }}`
			`state=present`
			`with_items:`
			`- bind9`
			`- bind9utils`
patch 0002 2017-05-27 23:10:45 +00:00			`when: is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`tags:`
			`- download`

More readable Ansible output 2017-10-27 15:53:43 +00:00			`- name: Install named packages for non Debian/Debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`package: name={{ item }}`
			`state=present`
			`with_items:`
			`- bind`
			`- bind-utils`
patch 0002 2017-05-27 23:10:45 +00:00			`when: not is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`tags:`
			`- download`

			`# or we have to change the serial number in the config files.`
named - wrong place 2017-09-22 01:06:18 +00:00			`#- name: Stop named before copying files`
			`# service: name={{ dns_service }} state=stopped`
			`# when: not installing`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`- name: Set folder permission`
			`file: path={{ item }}`
			`owner={{ dns_user }}`
			`group=root`
			`mode=0755`
			`state=directory`
			`with_items:`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`- /var/named-iiab`
			`- /var/named-iiab/data`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- /etc/sysconfig/olpc-scripts/domain_config.d`

			`- name: Configure named`
			`template: src={{ item.src }}`
			`dest={{ item.dest }}`
			`owner={{ item.owner }}`
			`group=root`
			`mode={{ item.mode }}`
			`with_items:`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }`
			`- { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`- { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }`
			`- { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }`
			`- { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}`
			`- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}`
			`- { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}`
			`- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
More readable Ansible output 2017-10-27 15:53:43 +00:00			`- name: Substitute our unit file which uses $OPTIONS from sysconfig`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`template: src=named/{{ dns_service }}.service`
			`dest=/etc/systemd/system/{{ dns_service }}.service`
			`mode=0644`
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- name: The dns-jail redirect requires the named.blackhole,disabling recursion`
Iiab (#68) * xs- goes to iiab- * more xs->iiab * sysconfig was forgotten * hyphen vs underscore i roles network templates * bulk sed on pgsql-xs * create links for old script names * missed named-xs -> named-iiab * squid-xs ->squid-iiab * misspelled squid-iiab.conf.j2 2017-06-28 02:53:13 +00:00			`# in named-iiab.conf, and the redirection of 404 error documents to /`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/`
			`when: dns_jail_enabled`

			`- name: Separate enabling required for debian`
			`file: src=/etc/{{ apache_config_dir }}/dns-jail.conf`
			`path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf`
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00			`state=link`
patch 0002 2017-05-27 23:10:45 +00:00			`when: is_debuntu and dns_jail_enabled`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
More readable Ansible output 2017-10-27 15:53:43 +00:00			`- name: Separate enabling/disabling required for Debian`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`file: src=/etc/{{ apache_config_dir }}/dns-jail.conf`
			`path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf`
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00			`state=absent`
patch 0002 2017-05-27 23:10:45 +00:00			`when: is_debuntu and not dns_jail_enabled`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
More readable Ansible output 2017-10-27 15:53:43 +00:00			`- name: Separate enabling/disabling required for non Debian`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`file: path=/etc/{{ apache_config_dir }}/dns-jail.conf`
Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00			`state=absent`
patch 0002 2017-05-27 23:10:45 +00:00			`when: not is_debuntu and not dns_jail_enabled`