configpolicy/roles/named/tasks/main.yml

- name: load distribution-specific values
  include_vars: '{{ item }}'
  with_first_found:
  - '{{ ansible_distribution }}.yml'
  - defaults.yml
  tags:
  - always

- name: ensure packages are installed
  package:
    name={{ named_packages|join(',') }}
    state=present
  tags:
  - install

- name: ensure named keys are configured
  template:
    src: named.secrets.j2
    dest: /etc/named.secrets
    mode: '0440'
    owner: root
    group: named
    validate: named-checkconf %s
  notify: reload named

- name: ensure zones are configured
  template:
    src: named.zones.j2
    dest: /etc/named.zones
    mode: '0640'
    owner: root
    group: named
    validate: named-checkconf %s
  notify: reload named
- name: ensure zone files exist
  template:
    src: zone.j2
    dest: /var/named/dynamic/{{ item.zone }}.zone
    mode: '0640'
    owner: root
    group: named
    force: no
  with_items: '{{ named_zones|selectattr("type", "eq", "master")|list }}'
  notify: reload named

- name: ensure named is configured
  template:
    src: named.conf.j2
    dest: /etc/named.conf
    mode: '0640'
    owner: root
    group: named
    validate: named-checkconf %s
  notify: restart named

# TODO: What about other OS/init setups?
- name: ensure named environment variables are set
  template:
    src=named.sysconfig.j2
    dest=/etc/sysconfig/named
    mode=0644
  when: ansible_os_family == 'RedHat'
  notify: restart named

- name: ensure named starts at boot
  service:
    name=named
    enabled=yes
- meta: flush_handlers
- name: ensure named is running
  service:
    name=named
    state=started

- name: ensure firewall is configured for dns
  firewalld:
    service=dns
    state=enabled
    permanent=no
    immediate=yes
  notify: save firewalld configuration
  when: host_uses_firealld|d(true)|bool
  tags:
  - firewalld