roles/named: Deploy BIND DNS server

The *named* role configures the BIND DNS server on managed nodes. It writes `/etc/named.conf`, using a template that supports most of the commonly-used options. The configuration can be augmented by other templates, etc. by specifying file paths in the `named_options_include` or `named_global_include` variables, both of which are lists.
2018-01-07 11:26:03 -06:00
parent ac354643c5
commit b493d81cfa
6 changed files with 172 additions and 0 deletions
--- a/roles/named/tasks/main.yml
+++ b/roles/named/tasks/main.yml
@@ -0,0 +1,54 @@
+- name: load distribution-specific values
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_distribution }}.yml'
+  - defaults.yml
+  tags:
+  - always
+
+- name: ensure packages are installed
+  package:
+    name={{ named_packages|join(',') }}
+    state=present
+  tags:
+  - install
+
+- name: ensure named is configured
+  template:
+    src: named.conf.j2
+    dest: /etc/named.conf
+    mode: '0640'
+    owner: root
+    group: named
+    validate: named-checkconf %s
+  notify: reload named
+
+# TODO: What about other OS/init setups?
+- name: ensure named environment variables are set
+  template:
+    src=named.sysconfig.j2
+    dest=/etc/sysconfig/named
+    mode=0644
+  when: ansible_os_family == 'RedHat'
+  notify: restart named
+
+- name: ensure named starts at boot
+  service:
+    name=named
+    enabled=yes
+- meta: flush_handlers
+- name: ensure named is running
+  service:
+    name=named
+    state=started
+
+- name: ensure firewall is configured for dns
+  firewalld:
+    service=dns
+    state=enabled
+    permanent=no
+    immediate=yes
+  notify: save firewalld configuration
+  when: host_uses_firealld|d(true)|bool
+  tags:
+  - firewalld