From 712e123df8f0762899b7a0b15f88f7824afa95ed Mon Sep 17 00:00:00 2001 From: David Galloway Date: Wed, 20 Apr 2016 19:54:46 -0400 Subject: [PATCH] nameserver: Add configuration task for named service Signed-off-by: David Galloway --- roles/nameserver/defaults/main.yml | 7 ++++ roles/nameserver/tasks/config.yml | 13 +++++++ roles/nameserver/tasks/main.yml | 5 +++ roles/nameserver/templates/named.conf.j2 | 46 ++++++++++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 roles/nameserver/tasks/config.yml create mode 100644 roles/nameserver/templates/named.conf.j2 diff --git a/roles/nameserver/defaults/main.yml b/roles/nameserver/defaults/main.yml index 37cdbdb..9713692 100644 --- a/roles/nameserver/defaults/main.yml +++ b/roles/nameserver/defaults/main.yml @@ -7,6 +7,13 @@ secrets_repo: url: null # Main BIND conf vars +named_conf_dir: "/var/named" +named_conf_file: "/etc/named.conf" +named_conf_data_dir: "/var/named/data" +named_conf_listen_port: 53 +named_conf_listen_iface: + - 127.0.0.1 + - "{{ ansible_all_ipv4_addresses[0] }}" named_conf_zones_path: "/var/named/zones" # Zone file conf vars diff --git a/roles/nameserver/tasks/config.yml b/roles/nameserver/tasks/config.yml new file mode 100644 index 0000000..0899d96 --- /dev/null +++ b/roles/nameserver/tasks/config.yml @@ -0,0 +1,13 @@ +--- +- name: Create named data directory + file: + path: "{{ named_conf_data_dir }}" + state: directory + +- name: Create named.conf + template: + src: named.conf.j2 + dest: "{{ named_conf_file }}" + validate: named-checkconf %s + notify: restart named + with_dict: "{{ named_domains }}" diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 5dcc629..f487ee3 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -4,6 +4,11 @@ tags: - packages +# Configure BIND +- include: config.yml + tags: + - config + # Compile and write zone files - include: records.yml tags: 
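Review bot: The `named_conf_listen_iface` default binds named to `ansible_all_ipv4_addresses[0]`, and nothing in the role guarantees that the first entry of that fact list is the interface you intend, so a multi-homed host can end up listening on an unintended, possibly public, address. The template added in this same patch allows recursion from `any`, so the listen address decides who can reach an open resolver. Consider defaulting to loopback only and making the second address an explicit per-host setting, or using `"{{ ansible_default_ipv4.address }}"`, with a comment such as `# Addresses named listens on; override per host on multi-homed machines`. The expression will also fail to template on a host whose facts contain no IPv4 address.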
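Review bot: `with_dict: "{{ named_domains }}"` on the `Create named.conf` task loops a template that never reads `item` (named.conf.j2 iterates `named_domains` itself), so the file is rendered once per domain and presumably not at all when `named_domains` is empty; the line can be dropped. Neither task sets ownership or permissions, so named.conf and the data directory get whatever the connecting user and umask produce. State them explicitly on the template, e.g. `owner: root`, `group: named`, `mode: "0640"` (group name assumed from the RHEL-style paths, confirm for the target distribution). The data directory also needs to be writable by the service account, because the template points the dump, statistics and log files there.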
diff --git a/roles/nameserver/templates/named.conf.j2 b/roles/nameserver/templates/named.conf.j2
new file mode 100644
index 0000000..04c83cb
--- /dev/null
+++ b/roles/nameserver/templates/named.conf.j2
@@ -0,0 +1,46 @@
+#
+# {{ ansible_managed }}
+#
+
+options {
+ listen-on port {{ named_conf_listen_port }} { {% for interface in named_conf_listen_iface -%}{{ interface }}; {% endfor -%} };
+
+ directory "{{ named_conf_dir }}";
+ dump-file "{{ named_conf_data_dir }}/cache_dump.db";
+ statistics-file "{{ named_conf_data_dir }}/named_stats.txt";
+ memstatistics-file "{{ named_conf_data_dir }}/named_mem_stats.txt";
+
+ allow-query { any; };
+ recursion yes;
+ allow-recursion { any; };
+};
+
+logging {
+ channel default_debug {
+ file "{{ named_conf_data_dir }}/named.run";
+ severity dynamic;
+ };
+};
+
+# Forward zones
+{% for key, zone in named_domains.iteritems() %}
+zone "{{ key }}" {
+ type master;
+ file "{{ named_conf_zones_path }}/{{ key }}";
+};
+
+{% endfor %}
+
+# Reverse zones
+{% for key, zone in named_domains.iteritems() %}
+{% if zone.reverse is defined and zone.reverse.0 is defined %}
+{% for reverse in zone.reverse %}
+{% set octet1,octet2,octet3 = reverse.split('.') %}
+zone "{{ octet3 }}.{{ octet2 }}.{{ octet1 }}.in-addr.arpa" {
+ type master;
+ file "{{ named_conf_zones_path }}/{{ reverse }}";
+};
+
+{% endfor %}
+{% endif %}
+{% endfor %}
-- 2.39.5
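Review bot: `allow-recursion { any; };` together with `recursion yes;` and `allow-query { any; };` in the `options` block makes every address in `listen-on` an open recursive resolver, which can be abused for DNS reflection/amplification and widens cache-poisoning exposure. For a server that is authoritative for `named_domains`, restrict recursion to known clients, e.g. `allow-recursion { localhost; localnets; };`, or expose the list as a role variable with that value as the default. Separately, `named_domains.iteritems()` exists only on Python 2 dicts; `.items()` works on both Python 2 and 3.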