# Restart for config file updates
- name: restart named
service:
- name: named
+ name: "{{ bind_service }}"
state: restarted
# Reload for zone file updates
- name: reload named
service:
- name: named
+ name: "{{ bind_service }}"
state: reloaded
file:
path: "{{ named_conf_data_dir }}"
state: directory
- owner: named
- group: named
+ owner: "{{ bind_user }}"
+ group: "{{ bind_group }}"
- name: Create named.conf
template:
- ansible_selinux.status == "enabled"
# Helps prevent accidental DoS
+- name: Ensure nf_conntrack module is loaded
+ modprobe:
+ name: nf_conntrack
+ state: present
+ failed_when: false
+
- name: Double maximum configured connections
sysctl:
name: net.nf_conntrack_max
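Review bot: The `failed_when: false` on the new modprobe task hides a failed module load without recording it, so on a host where nf_conntrack cannot be loaded the following `net.nf_conntrack_max` sysctl still runs and fails with a less specific "no such key" error instead of pointing at the real cause. Register the outcome and gate the sysctl on it, e.g. `register: nf_conntrack_mod` on the modprobe task and `when: nf_conntrack_mod is succeeded` on the sysctl task, or drop `failed_when: false` and let the load failure surface directly. A one-shot `modprobe` also does not survive a reboot; if the sysctl value is persisted (the task's value/state lines are outside the hunk), the module should additionally be listed under `/etc/modules-load.d/` so the key exists when the setting is applied at boot.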
tags:
- always
+- name: Import distro-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - always
+
# Install and update system packages
- import_tasks: packages.yml
tags:
- packages
-- name: Enable and start ntpd
+- name: Gather facts after installing packages
+ service_facts:
+ tags:
+ - always
+
+- name: Determine which time service exists (chrony/ntp/timesyncd)
+ set_fact:
+ time_services: "{{ ansible_facts.services.keys() | list }}"
+ timesyncd_service_name: >-
+ {{ 'systemd-timesyncd' if 'systemd-timesyncd.service' in ansible_facts.services else '' }}
+ chrony_service_name: >-
+ {{
+ 'chronyd' if 'chronyd.service' in ansible_facts.services
+ else ('chrony' if 'chrony.service' in ansible_facts.services else '')
+ }}
+ ntp_service_name: >-
+ {{
+ 'ntpd' if 'ntpd.service' in ansible_facts.services
+ else ('ntp' if 'ntp.service' in ansible_facts.services else '')
+ }}
+ tags:
+ - always
+
+- name: Set time_service_name
+ set_fact:
+ time_service_name: >-
+ {{
+ chrony_service_name
+ if chrony_service_name|length > 0
+ else (
+ ntp_service_name
+ if ntp_service_name|length > 0
+ else timesyncd_service_name
+ )
+ }}
+ tags:
+ - always
+
+- name: "Enable and start {{ time_service_name }}"
service:
- name: ntpd
+ name: "{{ time_service_name }}"
state: started
enabled: yes
tags:
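Review bot: When none of the probed units exists, `time_service_name` ends up as the empty string and the `Enable and start` service task at the bottom of the hunk fails on a missing service name rather than telling the operator that no time daemon was installed; add an explicit guard before it, e.g. `- assert: { that: time_service_name | length > 0, fail_msg: "no chrony/ntp/timesyncd unit found after package install" }`. Correct time matters more than usual on a nameserver, since DNSSEC signature validity windows and log correlation both depend on it, so this should fail loudly rather than obscurely. The `time_services` fact is computed but never read anywhere in the hunk and can be dropped. The service task's `tags` list continues outside the hunk.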
path: "{{ named_conf_zones_path }}"
mode: '0700'
state: directory
- owner: named
- group: named
+ owner: "{{ bind_user }}"
+ group: "{{ bind_group }}"
tags:
- always
# Configure firewalld
- import_tasks: firewall.yml
+ when: ansible_os_family != "Debian"
tags:
- firewall
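Review bot: The new `when: ansible_os_family != "Debian"` makes Debian-family hosts skip firewall.yml entirely, and since the Debian package list in this change omits firewalld there is no substitute, so whatever host-firewall policy that file applies is silently absent on those hosts and the nameserver is exposed to whatever the network permits. Either add a Debian equivalent (nftables/ufw) task file selected by family, or make the gap visible so it is not mistaken for coverage, e.g. a `debug` task under the inverse condition with `msg: "firewall.yml not applied on {{ ansible_os_family }}; host firewall must be managed elsewhere"`. Note also that the condition matches every family string other than Debian, so an unrecognised family would run the firewalld tasks rather than fail early.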
---
-- name: Include nameserver package list
- include_vars: packages_redhat.yml
- when: ansible_os_family == "RedHat"
-
-- name: Include nameserver package list
- include_vars: packages_suse.yml
- when: ansible_os_family == "Suse"
-
- name: Install and update packages via yum
yum:
name: "{{ packages }}"
when: ansible_pkg_mgr == "zypper"
tags:
- packages
+
+- name: Install and update packages via apt
+ apt:
+ name: "{{ packages }}"
+ state: latest
+ update_cache: yes
+ when: ansible_pkg_mgr == "apt"
+ tags:
+ - packages
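Review bot: `state: latest` combined with `update_cache: yes` on the new apt task upgrades bind9 and every other listed package to whatever the mirror serves on each run, so a routine configuration run can pull an unplanned BIND upgrade, and the package's own maintainer scripts restart the daemon outside this role's handlers. Use `state: present` here and drive upgrades as a deliberate separate step, or at minimum set `cache_valid_time` so the index is not refreshed on every run. Booleans should be written `true` rather than `yes`. The yum and zypper tasks above the addition are only partly visible in the hunk, so whether they apply the same `latest` policy cannot be confirmed from here.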
{% for key, zone in named_domains.items() %}
{% if zone.reverse is defined and zone.reverse.0 is defined %}
{% for reverse in zone.reverse %}
-{% if ansible_env._ == "/usr/bin/python3" %}
-{% set octet1,octet2,octet3,_ = reverse.split('.') %}
-{% else %}
-{% set octet1,octet2,octet3 = reverse.split('.') %}
-{% endif %}
+{% set parts = reverse.split('.') %}
+{% set octet1 = parts[0] %}
+{% set octet2 = parts[1] %}
+{% set octet3 = parts[2] %}
zone "{{ octet3 }}.{{ octet2 }}.{{ octet1 }}.in-addr.arpa" {
{% if named_conf_slave is defined and named_conf_slave == true %}
type slave;
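Review bot: The replacement octet extraction indexes `parts[0]`..`parts[2]` without checking the shape of `reverse`, so a value with fewer than three labels should abort templating with an opaque undefined-element error, while a value with extra trailing text (a fourth octet, a CIDR suffix, a typo such as `10.0.0.0/24`) is silently truncated into a zone statement for a different in-addr.arpa name, the kind of quiet misconfiguration that makes a nameserver authoritative for the wrong prefix. Validate the values in a task before templating, e.g. an `assert` over the reverse entries with `that: item | regex_search('^\d{1,3}(\.\d{1,3}){2}$')`, or at least wrap the loop body in `{% if parts | length == 3 %}` with a comment explaining why anything else is rejected. The old code accepted four labels under Python 3 via the `_` unpack, so truncating to the first three is compatible with that, but it should be a deliberate, documented choice. The `zone` block continues past the end of the hunk.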
--- /dev/null
+---
+packages:
+ ## misc tools
+ - vim
+ - wget
+ - plocate
+ - git
+ ## bind-specific packages
+ - bind9
+ - bind9utils
+ ## for NTP
+ - ntp
+ - ntpdate
+
+bind_service: bind9
+bind_user: bind
+bind_group: bind
+
+named_conf_zones_path: /etc/bind/zones
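Review bot: `named_conf_zones_path: /etc/bind/zones` should be checked against Debian's default AppArmor profile for named, which as shipped grants read-only access under /etc/bind and read/write only under /var/lib/bind (confirm on the target release); this role supports `type slave` zones whose transferred zone files the daemon must write, so on a Debian host with AppArmor enforcing those writes would be denied. Either point the variable at `/var/lib/bind/zones`, mirroring how the Suse vars keep zones under /var/lib/named, or document that the profile must be extended. A short comment above the variable, e.g. `# must be writable by named under the AppArmor profile when slave zones are used`, would keep the next maintainer from moving it back.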
--- /dev/null
+---
+packages:
+ ## misc tools
+ - vim
+ - wget
+ - mlocate
+ - git
+ - redhat-lsb-core
+ ## bind-specific packages
+ - bind
+ - bind-utils
+ ## firewall
+ - firewalld
+ ## monitoring
+ - nrpe
+ - nagios-plugins-all
+ ## for NTP
+ - ntp
+ - ntpdate
+
+bind_service: named
+bind_user: named
+bind_group: named
+
+named_conf_zones_path: /var/named/zones
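Review bot: The RedHat list installs `ntp` and `ntpdate` unconditionally, yet the time-service tasks in this change prefer `chronyd` whenever its unit exists, so on hosts that ship chrony this adds a second NTP implementation that is installed but never enabled, which is extra attack surface and patch load for no benefit; on any release whose repositories no longer carry `ntp` (chrony-only releases) the package task would fail before BIND is even configured. Make these two entries conditional on the distribution major version, or drop them in favour of `chrony`, which the detection order already prefers. Listing `firewalld` here is consistent with firewall.yml now running only on non-Debian families.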
--- /dev/null
+---
+packages:
+ ## misc tools
+ - vim
+ - wget
+ - mlocate
+ - git
+ - lsb
+ ## bind-specific packages
+ - bind
+ - bind-utils
+ ## firewall
+ - firewalld
+ ## monitoring
+ - nrpe
+ - nagios-plugins-all
+ ## for NTP
+ - ntp
+ #- ntpdate
+ # do we really need selinux on opensuse?
+ - python-selinux
+
+bind_service: named
+bind_user: named
+bind_group: named
+
+named_conf_zones_path: /var/lib/named
+++ /dev/null
----
-packages:
- ## misc tools
- - vim
- - wget
- - mlocate
- - git
- - redhat-lsb-core
- ## bind-specific packages
- - bind
- - bind-utils
- ## firewall
- - firewalld
- ## monitoring
- - nrpe
- - nagios-plugins-all
- ## for NTP
- - ntp
- - ntpdate
+++ /dev/null
----
-packages:
- ## misc tools
- - vim
- - wget
- - mlocate
- - git
- - lsb
- ## bind-specific packages
- - bind
- - bind-utils
- ## firewall
- - firewalld
- ## monitoring
- - nrpe
- - nagios-plugins-all
- ## for NTP
- - ntp
- #- ntpdate
- # do we really need selinux on opensuse?
- - python-selinux