First attempt at DNS in ansible

This commit is contained in:
Patrick Uiterwijk 2014-12-06 22:46:11 +00:00
parent decd8edda7
commit f96c65e134
13 changed files with 919 additions and 0 deletions

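--- a/inventory/group_vars/dns
+++ b/inventory/group_vars/dns
@@ -0,0 +1,16 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 30000
+mem_size: 2048
+num_cpus: 2
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+udp_ports: [ 53 ]
+tcp_ports: [ 53 ]
+fas_client_groups: sysadmin-main,sysadmin-dns
+nrpe_procs_warn: 300
+nrpe_procs_crit: 500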


@ -0,0 +1,14 @@
---
nm: 255.255.255.128
gw: 140.211.169.193
dns: 140.211.166.130
volgroup: /dev/vg_guests
eth0_ip: 140.211.169.203
ansible_ssh_host: ns-osu01.fedoraproject.org
postfix_group: vpn
vmhost: osuosl03.fedoraproject.org
datacenter: osuosl


@ -358,6 +358,7 @@ ns03.phx2.fedoraproject.org
ns04.phx2.fedoraproject.org
ns05.fedoraproject.org
ns-sb01.fedoraproject.org
ns-osu01.fedoraproject.org
[packages]
packages03.phx2.fedoraproject.org

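--- a/playbooks/groups/dns.yml
+++ b/playbooks/groups/dns.yml
@@ -0,0 +1,51 @@
+# create a new fas server
+#
+#
+- name: make dns server
+hosts: ns-osu01.fedoraproject.org
+user: root
+gather_facts: False
+accelerate: "{{ accelerated }}"
+vars_files:
+- /srv/web/infra/ansible/vars/global.yml
+- "{{ private }}/vars.yml"
+- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+tasks:
+- include: "{{ tasks }}/virt_instance_create.yml"
+handlers:
+- include: "{{ handlers }}/restart_services.yml"
+- name: make the box be real
+hosts: ns-osu01.fedoraproject.org
+user: root
+gather_facts: True
+accelerate: "{{ accelerated }}"
+vars_files:
+- /srv/web/infra/ansible/vars/global.yml
+- "{{ private }}/vars.yml"
+- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+roles:
+- base
+- hosts
+- rkhunter
+- denyhosts
+- nagios_client
+- fas_client
+- collectd/base
+- rsyncd
+- sudo
+- dns
+tasks:
+- include: "{{ tasks }}/yumrepos.yml"
+- include: "{{ tasks }}/2fa_client.yml"
+- include: "{{ tasks }}/motd.yml"
+handlers:
+- include: "{{ handlers }}/restart_services.yml"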
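Review bot: The header comment at the top of the file still says `# create a new fas server` although this playbook builds the DNS host; it should read `# create a new dns server` so nobody assumes it was copied without review. The `gather_facts` values are written `False`/`True`; the canonical YAML spellings are `false`/`true`, which is also what yamllint's truthy rule accepts. Both plays target the single literal host `ns-osu01.fedoraproject.org` rather than the `dns` group whose variables inventory/group_vars/dns defines in this same commit, so adding a second nameserver means editing this playbook as well as the inventory; `hosts: dns` would keep the two in step.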

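--- a/roles/dns/files/GeoIP.sh
+++ b/roles/dns/files/GeoIP.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# This copyrighted material is made available to anyone wishing to use, modify,
+# copy, or redistribute it subject to the terms and conditions of the GNU
+# General Public License v.2. This program is distributed in the hope that it
+# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
+# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details. You should have
+# received a copy of the GNU General Public License along with this program;
+# if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
+# Fifth Floor, Boston, MA 02110-1301, USA.
+[ -f GeoIPCountryCSV.zip ] || wget -q -T 5 -t 1 http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
+unzip -q GeoIPCountryCSV.zip || exit 1
+awk -F \" '{print $10","$6","$8}' GeoIPCountryWhois.csv > cbe.csv
+rm -f GeoIPCountryWhois.csv
+(for c in $(awk -F , '{print $1}' cbe.csv | sort -u)
+do
+echo "acl \"$c\" {"
+grep "^$c," cbe.csv | awk -F , 'function s(b,e,l,m,n) {l = int(log(e-b+1)/log(2)); m = 2^32-2^l; n = and(m,e); if (n == and(m,b)) printf "\t%u.%u.%u.%u/%u;\n",b/2^24%256,b/2^16%256,b/2^8%256,b%256,32-l; else {s(b,n-1); s(n,e)}} s($2,$3)'
+echo -e "};\n"
+done) > etc/GeoIP.acl
+rm -f cbe.csv
+/etc/init.d/named reload > /dev/null
+exit 0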
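Review bot: The GeoIP archive is fetched over plain `http://` and unpacked with no checksum or signature check, and its contents become the `acl` statements that decide which view answers each client, so whatever the network hands back on that fetch shapes the server's answers. Pinning an expected digest of the archive and checking it before `unzip` (`sha256sum -c` against a file shipped with the role) plus an `https://` URL would make the download verifiable. The script also depends on the current directory: it looks for the zip in `.` and writes `etc/GeoIP.acl` relatively, so it only does the right thing when invoked from /var/named/chroot; `cd "$(dirname "$0")" || exit 1` at the top would remove that assumption. Finally, the reload here is `/etc/init.d/named reload` while update-dns and the logrotate snippet in the same commit use `/sbin/service named reload`; picking one form avoids two code paths to maintain.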


@ -0,0 +1,7 @@
/var/named/chroot/log/named.log {
missingok
create 0644 named named
postrotate
/sbin/service named reload 2> /dev/null > /dev/null || true
endscript
}
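Review bot: The stanza sets no `rotate` count and no interval, so logrotate's default `rotate 0` applies and each rotation deletes named.log instead of keeping a generation, which removes exactly the history an incident review would want; adding `weekly`, `rotate 4` and `compress` keeps four generations in the chroot's log directory. Separately, the logging block in named.conf in this commit sends every category to the `normal` syslog channel or to `null`, so as far as this commit shows nothing writes /var/named/chroot/log/named.log at all; if a file channel is intended it needs to be declared in named.conf, otherwise this stanza is dead configuration. The rendered section does not show this file's path, so I cannot tell where the role installs it.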

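--- a/roles/dns/files/named
+++ b/roles/dns/files/named
@@ -0,0 +1,7 @@
+# Currently, you can use the following options:
+# ROOTDIR="/some/where" -- will run named in a chroot environment.
+# you must set up the chroot environment before
+# doing this.
+# OPTIONS="whatever" -- These additional options will be passed to named
+# at startup. Don't add -t here, use ROOTDIR instead.
+ROOTDIR=/var/named/chroot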

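--- a/roles/dns/files/named.ca
+++ b/roles/dns/files/named.ca
@@ -0,0 +1,85 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Feb 04, 2008
+; related version of root zone: 2008020400
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; formerly NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; formerly C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; formerly TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+;
+; formerly NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; formerly NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; formerly NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; formerly AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
+;
+; formerly NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+;
+; operated by VeriSign, Inc.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; operated by RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; operated by ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+;
+; operated by WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of File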

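--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@@ -0,0 +1,278 @@
+// named.conf file for ns-master.fedoraproject.org
+// located in /var/named/chroot/etc/named.conf
+// By: Elliot Lee <sopwith@redhat.com>
+// 2005/12/21 for fedoraproject.org
+// Based on the same file for ns-master.gnome.org
+// By: Matthew Galgoci <mgalgoci@redhat.com>
+// 2003/10/13 for gnome.org
+//
+// Setup for GeoDNS
+include "etc/GeoIP.acl";
+key "rndckey" {
+algorithm hmac-md5;
+secret "41x7Lj4MEobl58VDDK97ItQTGQq7MlahOcmlTYpxTDnS0ALgBaYWXg5KbnBp";
+};
+// dns1.j2solutions.net - run by Jesse Keating <jkeating@redhat.com>
+acl "slaves" { 209.124.61.35; };
+//
+acl "everyone-v4" { 0.0.0.0/0; };
+acl "everyone-v6" { ::0/0; };
+acl "everyone" { 0.0.0.0/0; ::0/0; };
+//
+acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; };
+//
+acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; };
+acl "rh-slaves" { 172.16.52.28; 10.11.255.27; 10.11.255.3; };
+acl "rh" { 10.0.0.0/8; };
+//
+options {
+directory "/";
+auth-nxdomain yes;
+allow-query { everyone; };
+dnssec-enable yes;
+query-source address * port *;
+query-source-v6 address * port *;
+allow-transfer { localhost; slaves; rh-slaves; rh;};
+transfer-source * port 53;
+pid-file "var/run/named/named.pid";
+statistics-file "log/named.stats";
+provide-ixfr no;
+version "cowbell++";
+listen-on port 53 {
+everyone-v4;
+};
+listen-on-v6 port 53 {
+everyone-v6;
+};
+notify yes;
+minimal-responses yes;
+// internal nameservers shouldn't ratelimit
+// rate-limit requests
+//rate-limit {
+// responses-per-second 25;
+// window 5;
+//};
+};
+//
+logging {
+channel "normal" {
+syslog;
+severity info;
+print-time yes;
+print-category yes;
+print-severity yes;
+};
+category "default" { "normal"; };
+category "general" { "normal"; };
+category "database" { "null"; };
+category "security" { "normal"; };
+category "config" { "normal"; };
+category "resolver" { "normal"; };
+category "xfer-in" { "normal"; };
+category "xfer-out" { "normal"; };
+category "notify" { "normal"; };
+category "client" { "null"; };
+category "network" { "null"; };
+category "update" { "normal"; };
+category "queries" { "null"; };
+category "dispatch" { "null"; };
+category "dnssec" { "normal"; };
+category "lame-servers" { "null"; };
+};
+//
+// Who can rndc our server (only localhost)...
+//
+controls {
+inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
+};
+view "PHX2" {
+match-clients { 10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12; };
+allow-recursion { localhost; phx2net; rh-slaves; rh; };
+recursion yes;
+# make sure we forward only for redhat.com lookups
+zone "redhat.com" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
+zone "jboss.org" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "88.5.10.in-addr.arpa" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "4.10.in-addr.arpa" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "5.10.in-addr.arpa" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "10.in-addr.arpa" {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "186.132.209.in-addr.arpa." {
+type forward;
+forward only;
+forwarders { 10.5.26.20; 10.5.26.21; };
+};
+zone "qa.fedoraproject.org" {
+type master;
+file "master/qa.fedoraproject.org";
+};
+zone "phx2.fedoraproject.org" {
+type master;
+file "master/phx2.fedoraproject.org";
+};
+zone "mgmt.fedoraproject.org" {
+type master;
+file "master/mgmt.fedoraproject.org";
+};
+zone "arm.fedoraproject.org" {
+type master;
+file "master/arm.fedoraproject.org";
+};
+zone "78.5.10.in-addr.arpa" {
+type master;
+file "master/78.5.10.in-addr.arpa";
+};
+zone "79.5.10.in-addr.arpa" {
+type master;
+file "master/79.5.10.in-addr.arpa";
+};
+zone "124.5.10.in-addr.arpa" {
+type master;
+file "master/124.5.10.in-addr.arpa";
+};
+zone "125.5.10.in-addr.arpa" {
+type master;
+file "master/125.5.10.in-addr.arpa";
+};
+zone "126.5.10.in-addr.arpa" {
+type master;
+file "master/126.5.10.in-addr.arpa";
+};
+zone "127.5.10.in-addr.arpa" {
+type master;
+file "master/127.5.10.in-addr.arpa";
+};
+zone "128.5.10.in-addr.arpa" {
+type master;
+file "master/128.5.10.in-addr.arpa";
+};
+zone "130.5.10.in-addr.arpa" {
+type master;
+file "master/130.5.10.in-addr.arpa";
+};
+zone "131.5.10.in-addr.arpa" {
+type master;
+file "master/131.5.10.in-addr.arpa";
+};
+zone "fedoraproject.org" {
+type master;
+file "master/DEFAULT/fedoraproject.org.signed";
+};
+include "etc/zones.conf";
+};
+// The zones
+view "NA" {
+match-clients { US; CA; MX; };
+recursion no;
+zone "fedoraproject.org" {
+type master;
+file "master/NA/fedoraproject.org.signed";
+};
+zone "cloud.fedoraproject.org" {
+type master;
+file "master/NA/cloud.fedoraproject.org.signed";
+};
+include "etc/zones.conf";
+};
+view "GB" {
+match-clients { GB; IE; IS; NO; };
+recursion no;
+zone "fedoraproject.org" {
+type master;
+file "master/GB/fedoraproject.org.signed";
+};
+zone "cloud.fedoraproject.org" {
+type master;
+file "master/GB/cloud.fedoraproject.org.signed";
+};
+include "etc/zones.conf";
+};
+// This is not "EU" countries, I just wanted a short way to represent Europe.
+view "EU" {
+match-clients { AT; BE; BG; CY; CZ; DE; DK; EE; ES; FI; FR; GR; HU; IT; LT; LU; LV; MT; NL; PL; PT; RO; RU; SE; UA; };
+recursion no;
+zone "fedoraproject.org" {
+type master;
+file "master/EU/fedoraproject.org.signed";
+};
+zone "cloud.fedoraproject.org" {
+type master;
+file "master/EU/cloud.fedoraproject.org.signed";
+};
+include "etc/zones.conf";
+};
+view "DEFAULT" {
+match-clients { any; };
+recursion no;
+zone "fedoraproject.org" {
+type master;
+file "master/DEFAULT/fedoraproject.org.signed";
+};
+zone "cloud.fedoraproject.org" {
+type master;
+file "master/DEFAULT/cloud.fedoraproject.org.signed";
+};
+include "etc/zones.conf";
+};
+// Enabling bind9 statistics on localhost for collectd
+statistics-channels {
+inet 127.0.0.1 port 8053;
+};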
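Review bot: The `rndckey` TSIG secret near the top of the file is committed in clear text in the role, and it is the key the `controls` statement on 127.0.0.1:953 trusts, so anyone who can read this repository holds a valid rndc credential for every host that deploys this config; the secret belongs in the private vars the playbook already loads (`{{ private }}/vars.yml`) and should be treated as exposed and rotated once it is moved. The key also uses `hmac-md5`; BIND accepts `hmac-sha256` for the `key` statement and for rndc, and switching costs nothing. The header still says this file is for ns-master.fedoraproject.org, and the `PHX2` view matches RFC1918 clients and forwards to 10.5.26.20/21, which is presumably copied from the master; whether those forwarders are reachable from ns-osu01, the host this commit builds, is not something the commit shows and deserves a comment either way. Note that tasks/main.yml deploys this file with `template:`, so a `{{ }}` reference for the secret will be expanded at deploy time.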

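--- a/roles/dns/files/rndc.conf
+++ b/roles/dns/files/rndc.conf
@@ -0,0 +1,34 @@
+/*
+* Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+* Copyright (C) 2000, 2001 Internet Software Consortium.
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+* PERFORMANCE OF THIS SOFTWARE.
+*/
+/* $Id: rndc.conf,v 1.1 2007/03/21 18:40:16 mmcgrath Exp $ */
+/*
+* Sample rndc configuration file.
+*/
+options {
+default-server localhost;
+default-key "rndckey";
+};
+server localhost {
+key "rndckey";
+};
+include "/etc/rndc.key";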
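Review bot: This file takes its secret from `include "/etc/rndc.key"`, but rndc.key is not among the thirteen files this commit adds even though tasks/main.yml copies it from the role's files directory, so unless it exists outside this commit the `copy rndc config` task fails on the missing source. The secret in that file also has to match the inline `rndckey` in named.conf, which leaves the same secret maintained in two places; having named.conf include the same key file (chroot-relative, `include "etc/rndc.key";`) would leave one copy to rotate. A one-line comment above the include saying which file the named side reads would spare the next reader that cross-check.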

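--- a/roles/dns/files/update-dns
+++ b/roles/dns/files/update-dns
@@ -0,0 +1,34 @@
+#!/bin/bash
+tmpdir=`mktemp -d`
+dnsgit='https://infrastructure.fedoraproject.org/infra/dns.git'
+destdir='/var/named/chroot/master/'
+cd $tmpdir
+# clone the dnsgit repo
+git clone $dnsgit >> /dev/null
+if [ $? != 0 ]; then
+echo "Error cloning dns git repo"
+exit 1
+fi
+cd dns
+# diff the two dirs - if they are the same - do nothing
+diff -qurN built/ $destdir >>/dev/null
+if [ $? != 0 ]; then
+# rsync our new files overtop of the destdir files
+rsync -a -q --delete-after built/ $destdir
+if [ $? != 0 ]; then
+echo "Error rsyncing files overtop from git repo:: $tmpdir/dns/built"
+exit 1
+fi
+# change context so the chroot can cope
+chown -R named.named $destdir
+chcon -u system_u $destdir/* $destdir/*/*
+# reload named
+/sbin/service named reload
+fi
+rm -rf $tmpdir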
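Review bot: `cd $tmpdir` is unchecked and `$tmpdir` is unquoted, so if `mktemp -d` fails the clone lands in whatever the current directory happens to be, and on every error path the temporary clone is left behind because `rm -rf $tmpdir` only runs at the end of the happy path. Replacing the first lines with `tmpdir=$(mktemp -d) || exit 1`, `trap 'rm -rf "$tmpdir"' EXIT` and `cd "$tmpdir" || exit 1` fixes both and makes the final `rm -rf` redundant. The script then `rsync --delete-after`s whatever HEAD of the dns repository contains into the live master directory, so the integrity of every served zone rests on who can push to that repository; recording the deployed revision (`git rev-parse HEAD`) in the log, or checking out a signed tag, would at least give an audit trail for what went live. `chcon -u system_u` sets only the SELinux user, which is presumably deliberate for the chroot, but a comment explaining why `restorecon -R` is not used would help the next reader.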

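--- a/roles/dns/files/zones.conf
+++ b/roles/dns/files/zones.conf
@@ -0,0 +1,249 @@
+zone "." {
+type hint;
+file "cache/named.ca";
+};
+zone "fedora.us" {
+type master;
+file "master/fedora.us.signed";
+};
+zone "fedora.my" {
+type master;
+file "master/fedora.my";
+};
+zone "fedora.com.my" {
+type master;
+file "master/fedora.com.my";
+};
+zone "fedora.pt" {
+type master;
+file "master/fedora.pt";
+};
+zone "fedoralinux.com" {
+type master;
+file "master/fedoralinux.com.signed";
+};
+zone "fedoralinux.net" {
+type master;
+file "master/fedoralinux.net.signed";
+};
+zone "fedoralinux.org" {
+type master;
+file "master/fedoralinux.org.signed";
+};
+zone "fedoramagazine.org" {
+type master;
+file "master/fedoramagazine.org.signed";
+};
+zone "fedoraproject.com" {
+type master;
+file "master/fedoraproject.com.signed";
+};
+zone "fedoraproject.com.my" {
+type master;
+file "master/fedoraproject.com.my";
+};
+zone "fedoraproject.su" {
+type master;
+file "master/fedoraproject.su";
+};
+zone "fedoraproject.net" {
+type master;
+file "master/fedoraproject.net.signed";
+};
+zone "fedoraproject.co.uk" {
+type master;
+file "master/fedoraproject.co.uk";
+};
+zone "fedorahosted.org" {
+type master;
+file "master/fedorahosted.org.signed";
+};
+//zone "fedoraproject.org" {
+// type master;
+// file "master/fedoraproject.org.signed";
+//};
+zone "vpn.fedoraproject.org" {
+type master;
+file "master/vpn.fedoraproject.org.signed";
+};
+zone "fedorapeople.org" {
+type master;
+file "master/fedorapeople.org.signed";
+};
+zone "fedoraproject.org.uk" {
+type master;
+file "master/fedoraproject.org.uk.signed";
+};
+zone "smolts.org" {
+type master;
+file "master/smolts.org.signed";
+};
+zone "fedoracommunity.org" {
+type master;
+file "master/fedoracommunity.org.signed";
+};
+zone "nspluginwrapper.org" {
+type master;
+file "master/nspluginwrapper.org.signed";
+};
+zone "k12linux.org" {
+type master;
+file "master/k12linux.org.signed";
+};
+zone "projectofedora.org" {
+type master;
+file "master/projectofedora.org.signed";
+};
+zone "168.192.in-addr.arpa" {
+type master;
+file "master/168.192.in-addr.arpa.signed";
+};
+zone "2.203.67.in-addr.arpa" {
+type master;
+file "master/2.203.67.in-addr.arpa";
+};
+zone "184.132.209.in-addr.arpa" {
+type master;
+file "master/184.132.209.in-addr.arpa";
+};
+zone "192-255.169.211.140.in-addr.arpa" {
+type master;
+file "master/192-255.169.211.140.in-addr.arpa";
+};
+zone "port389.org" {
+type master;
+file "master/port389.org.signed";
+};
+zone "389tcp.org" {
+type master;
+file "master/389tcp.org.signed";
+};
+zone "fpaste.org" {
+type master;
+file "master/fpaste.org";
+};
+//
+// Zones added from registrar in 2011-12-15
+//
+zone "fedora-bd.org" {
+type master;
+file "master/fedora-bd.org";
+};
+zone "fedora.asia" {
+type master;
+file "master/fedora.asia";
+};
+zone "fedora.cr" {
+type master;
+file "master/fedora.cr";
+};
+zone "fedora.me" {
+type master;
+file "master/fedora.me";
+};
+zone "fedora.mobi" {
+type master;
+file "master/fedora.mobi";
+};
+zone "fedora.org.cn" {
+type master;
+file "master/fedora.org.cn";
+};
+zone "fedora.pe" {
+type master;
+file "master/fedora.pe";
+};
+zone "fedora.tk" {
+type master;
+file "master/fedora.tk";
+};
+zone "fedora.xxx" {
+type master;
+file "master/fedora.xxx";
+};
+zone "fedoramirror.net" {
+type master;
+file "master/fedoramirror.net";
+};
+zone "fedoraproject.asia" {
+type master;
+file "master/fedoraproject.asia";
+};
+zone "fedoraproject.cn" {
+type master;
+file "master/fedoraproject.cn";
+};
+zone "fedoraproject.com.cn" {
+type master;
+file "master/fedoraproject.com.cn";
+};
+zone "fedoraproject.com.gr" {
+type master;
+file "master/fedoraproject.com.gr";
+};
+zone "fedoraproject.cz" {
+type master;
+file "master/fedoraproject.cz";
+};
+zone "fedoraproject.eu" {
+type master;
+file "master/fedoraproject.eu";
+};
+zone "fedoraproject.gr" {
+type master;
+file "master/fedoraproject.gr";
+};
+zone "fedoraproject.my" {
+type master;
+file "master/fedoraproject.my";
+};
+zone "fedoraproject.net.cn" {
+type master;
+file "master/fedoraproject.net.cn";
+};
+zone "fedoraproject.pe" {
+type master;
+file "master/fedoraproject.pe";
+};
+zone "fedoraproject.xxx" {
+type master;
+file "master/fedoraproject.xxx";
+};
+zone "fedorasucks.com" {
+type master;
+file "master/fedorasucks.com";
+};
+zone "firewalld.org" {
+type master;
+file "master/firewalld.org";
+};
+zone "spreadfedora.com" {
+type master;
+file "master/spreadfedora.com";
+};
+zone "flocktofedora.com" {
+type master;
+file "master/flocktofedora.com";
+};
+zone "flocktofedora.org" {
+type master;
+file "master/flocktofedora.org";
+};
+zone "flocktofedora.net" {
+type master;
+file "master/flocktofedora.net";
+};
+zone "release-monitoring.org" {
+type master;
+file "master/release-monitoring.org";
+};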
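Review bot: The hint zone at the top points at `cache/named.ca`, and the copy of named.ca added in this same commit is stamped `last update: Feb 04, 2008`; at least D.ROOT-SERVERS.NET has changed address since then (to 199.7.91.13 in 2013, if I recall correctly), so the hints no longer match the root zone. BIND re-primes from the first root that answers, so the cost is a slower first lookup rather than an outage, but refreshing roles/dns/files/named.ca from the current InterNIC named.root while this role is being introduced is the cheap fix. The commented-out `fedoraproject.org` block in the middle of the file is explained by the per-view zones in named.conf, but a one-line `// served per-view from named.conf` above it would save the next reader from wondering whether it was dropped by mistake.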

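--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,112 @@
+---
+- name: install packages
+yum: name={{ item }} state=present
+with_items:
+- bind
+- unzip
+- git
+tags:
+- packages
+- name: create directories
+file: path=/var/named/chroot/{{ item }} state=directory owner=named group=named mode=0755
+with_items:
+- ""
+- "etc"
+- "etc/named"
+- "cache"
+- "dev"
+- "log"
+- "var"
+- "usr"
+- "usr/lib"
+- "usr/lib/bind"
+- "var/named"
+- "var/run"
+- "var/run/named"
+- "master"
+- name: create chroot random
+command: /bin/mknod /var/named/chroot/dev/random c 1 8
+args:
+creates: /var/named/chroot/dev/random
+- name: create chroot null
+command: /bin/mknod /var/named/chroot/dev/null c 1 3
+args:
+creates: /var/named/chroot/dev/null
+- name: create chroot zero
+command: /bin/mknod /var/named/chroot/dev/zero c 1 5
+args:
+creates: /var/named/chroot/dev/zero
+- name: copy rndc config
+copy: src={{ item}} dest=/etc/
+with_items:
+- rndc.conf
+- rndc.key
+notify:
+- restart named
+tags:
+- config
+- name: copy named cache
+copy: src=named.ca dest=/var/named/chroot/cache/named.ca
+notify:
+- restart named
+tags:
+- config
+- name: copy named sysconfig
+copy: src=named dest=/etc/sysconfig/named mode=0644 owner=root group=root
+notify:
+- restart named
+tags:
+- config
+- name: copy GeoIP.sh
+copy: src=GeoIP.sh dest=/var/named/chroot/GeoIP.sh mode=0755
+notify:
+- create GeoIP acl
+- restart named
+tags:
+- config
+- name: create GeoIP acl
+command: /var/named/chroot/GeoIP.sh
+args:
+creates: /var/named/chroot/etc/GeoIP.acl
+notify:
+- restart named
+- name: copy update-dns
+copy: src=update-dns dest=/usr/local/bin/update-dns mode=0755
+notify:
+- restart named
+tags:
+- config
+- name: copy zones
+copy: src=zones.conf dest=/var/named/chroot/etc/zones.conf owner=root group=root mode=0644
+notify:
+- restart named
+tags:
+- config
+- name: copy named config
+template: src=named.conf dest=/var/named/chroot/etc/named.conf mode=0644 owner=root group=root
+notify:
+- restart named
+tags:
+- config
+- name: update dns
+command: /usr/local/bin/update-dns
+notify:
+- restart named
+tags:
+- config
+- name: named service
+service: name=named state=started enabled=yes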
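Review bot: `copy rndc config` drops rndc.conf and rndc.key into /etc/ with no `mode` or `owner`, so the shared rndc secret ends up with whatever default mode the copy module applies, which is normally world-readable; rndc.key should be deployed as its own task with `mode=0640 owner=root group=named` so only root and the named user can read it. `create GeoIP acl` runs /var/named/chroot/GeoIP.sh without `chdir`, but the script reads the zip and writes `etc/GeoIP.acl` relative to the current directory, so the `creates:` guard is never satisfied and the ACL lands outside the chroot; adding `chdir: /var/named/chroot` under `args:` fixes that. `copy GeoIP.sh` notifies `create GeoIP acl`, which is a task here rather than a handler, and the only handlers file the playbook includes is restart_services.yml, so as far as I can tell that notify is at best ignored. `copy named config` uses `template:` while this commit adds named.conf under roles/dns/files; `template` resolves its source from roles/dns/templates, so either the file moves or the task becomes `copy:`.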