No longer use the chroot

Patrick Uiterwijk 2014-12-07 03:34:07 +00:00
parent e25eb1525c
commit 44885c9d7e
5 changed files with 15 additions and 61 deletions


@ -1,4 +1,4 @@
/var/named/chroot/log/named.log {
/var/log/named.log {
missingok
create 0644 named named
postrotate
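Review bot: Nothing visible in this commit creates `/var/log/named.log` or repoints named's logging channel, and an unprivileged named usually cannot create a file directly under `/var/log`. If that holds here, logging stops silently after the move, and `missingok` means logrotate will skip the missing file rather than create it, which leaves a gap in the DNS logs. I would pre-create the file in the role, e.g. `copy: content="" dest=/var/log/named.log force=no owner=named group=named mode=0644`, and confirm the `logging` section of named.conf points at the same path. The logrotate stanza continues past `postrotate`, outside this hunk.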


@ -1,7 +0,0 @@
# Currently, you can use the following options:
# ROOTDIR="/some/where" -- will run named in a chroot environment.
# you must set up the chroot environment before
# doing this.
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, use ROOTDIR instead.
ROOTDIR=/var/named/chroot


@ -207,7 +207,7 @@ view "PHX2" {
file "master/built/DEFAULT/fedoraproject.org.signed";
};
include "etc/zones.conf";
include "/etc/named/zones.conf";
};
@ -223,7 +223,7 @@ view "NA" {
type master;
file "master/built/NA/cloud.fedoraproject.org.signed";
};
include "etc/zones.conf";
include "/etc/named/zones.conf";
};
view "GB" {
@ -237,7 +237,7 @@ view "GB" {
type master;
file "master/built/GB/cloud.fedoraproject.org.signed";
};
include "etc/zones.conf";
include "/etc/named/zones.conf";
};
@ -253,7 +253,7 @@ view "EU" {
type master;
file "master/built/EU/cloud.fedoraproject.org.signed";
};
include "etc/zones.conf";
include "/etc/named/zones.conf";
};
@ -268,7 +268,7 @@ view "DEFAULT" {
type master;
file "master/built/DEFAULT/cloud.fedoraproject.org.signed";
};
include "etc/zones.conf";
include "/etc/named/zones.conf";
};
// Enabling bind9 statistics on localhost for collectd
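Review bot: The `include` lines in all five views are now absolute, but the `file "master/built/..."` lines beside them stay relative, so they now resolve against the `directory` option on the real filesystem instead of inside the chroot. That option sits outside these hunks; it has to be `/var/named` for the zone files to match the `destdir='/var/named/master/'` that the update script uses elsewhere in this commit. I would record the dependency next to the first view with a comment such as `// zone file paths are relative to options { directory }, which must be /var/named now that named is not chrooted`. The view blocks start above each hunk.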


@ -1,6 +1,6 @@
#!/bin/bash
dnsgit='https://infrastructure.fedoraproject.org/infra/dns.git'
destdir='/var/named/chroot/master/'
destdir='/var/named/master/'
if [ -d $destdir ];
then


@ -8,39 +8,6 @@
tags:
- packages
- name: create directories
file: path=/var/named/chroot/{{ item }} state=directory owner=named group=named mode=0755
with_items:
- ""
- "etc"
- "etc/named"
- "cache"
- "dev"
- "log"
- "var"
- "usr"
- "usr/lib"
- "usr/lib/bind"
- "var/named"
- "var/run"
- "var/run/named"
- "master"
- name: create chroot random
command: /bin/mknod /var/named/chroot/dev/random c 1 8
args:
creates: /var/named/chroot/dev/random
- name: create chroot null
command: /bin/mknod /var/named/chroot/dev/null c 1 3
args:
creates: /var/named/chroot/dev/null
- name: create chroot zero
command: /bin/mknod /var/named/chroot/dev/zero c 1 5
args:
creates: /var/named/chroot/dev/zero
- name: copy rndc config
copy: src=rndc.conf dest=/etc/rndc.conf
notify:
@ -56,28 +23,21 @@
- config
- name: copy named cache
copy: src=named.ca dest=/var/named/chroot/cache/named.ca
notify:
- restart named
tags:
- config
- name: copy named sysconfig
copy: src=named dest=/etc/sysconfig/named mode=0644 owner=root group=root
copy: src=named.ca dest=/var/named/named.ca
notify:
- restart named
tags:
- config
- name: copy GeoIP.sh
copy: src=GeoIP.sh dest=/var/named/chroot/GeoIP.sh mode=0755
copy: src=GeoIP.sh dest=/var/named/GeoIP.sh mode=0755
notify:
- restart named
tags:
- config
- name: create GeoIP acl
command: /var/named/chroot/GeoIP.sh
command: /var/named/GeoIP.sh
notify:
- restart named
@ -89,19 +49,22 @@
- config
- name: copy zones
copy: src=zones.conf dest=/var/named/chroot/etc/zones.conf owner=root group=root mode=0644
copy: src=zones.conf dest=/etc/named/zones.conf owner=root group=root mode=0644
notify:
- restart named
tags:
- config
- name: copy named config
copy: src=named.conf dest=/var/named/chroot/etc/named.conf mode=0644 owner=root group=root
copy: src=named.conf dest=/etc/named.conf mode=0644 owner=root group=root
notify:
- restart named
tags:
- config
- name: named service
service: name=named state=started enabled=yes
- name: update dns
command: /usr/local/bin/update-dns
notify:
@ -109,5 +72,3 @@
tags:
- config
- name: named service
service: name=named state=started enabled=yes
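Review bot: `GeoIP.sh` is copied into `/var/named/` with no `owner`/`group` and then run by the `create GeoIP acl` task, so a script the play executes (presumably as root) lives in named's own data directory. If that directory is writable by the named account, which is the usual packaging but is not shown here, the daemon's account sits next to code that a privileged play runs on every pass. I would install it beside `update-dns` with explicit ownership, `copy: src=GeoIP.sh dest=/usr/local/bin/GeoIP.sh mode=0755 owner=root group=root`, and call `command: /usr/local/bin/GeoIP.sh`. Before moving it, check whether the script writes its ACL output relative to its own location.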