feat: Add BIND9 9.20 molecule scenario and support documentation

- Added molecule/bind9-20 scenario for testing BIND9 9.20+ compatibility - molecule.yml: Ubuntu 24.04 platform configuration - converge.yml: Complete 9.20 configuration with TLS, DNSTAP, and modern features - verify.yml: Comprehensive test cases for 9.20 features - collections.yml: Required Ansible collections - prepare.yml: Pre-test environment setup - README.md: Scenario documentation with breaking changes reference - Added docs/BIND9_9.20_SUPPORT.md implementation guide - Architecture overview for multi-version support - Runtime version detection strategy - Configuration changes and examples - Migration path for upgrading users - Feature highlights for BIND9 9.20 - Updated meta/argument_specs.yml - Added multi-version support documentation - Documented bind9_version variable (read-only, auto-detected) - Clarified supported BIND9 versions (9.18.x LTS and 9.20+) These changes establish the feature/bind9-20-support branch as the development path for BIND9 9.20+ support, separate from the main branch's 9.18.x focus. Closes #9: Create feature/bind9-20-support branch with 9.20 templates
2026-02-07 23:58:31 +01:00
parent 0eff38f202
commit 528caeddeb
8 changed files with 608 additions and 0 deletions
--- a/molecule/bind9-20/verify.yml
+++ b/molecule/bind9-20/verify.yml
@@ -0,0 +1,103 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Check that BIND9 is installed
+      ansible.builtin.package:
+        name: bind9
+        state: present
+      check_mode: true
+      register: __bind9_package_check
+      failed_when: __bind9_package_check is changed
+
+    - name: Check that BIND9 service is running
+      ansible.builtin.service:
+        name: named
+        state: started
+        enabled: true
+      check_mode: true
+      register: __bind9_service_check
+      failed_when: __bind9_service_check is changed
+
+    - name: Check that BIND9 version is 9.20 or later
+      ansible.builtin.command:
+        cmd: named -v
+      register: __bind9_version_check
+      changed_when: false
+      failed_when: false
+
+    - name: Display BIND9 version
+      ansible.builtin.debug:
+        msg: "BIND9 version: {{ __bind9_version_check.stdout }}"
+
+    - name: Check that named.conf.options exists
+      ansible.builtin.stat:
+        path: /etc/bind/named.conf.options
+      register: __options_file
+      failed_when: not __options_file.stat.exists
+
+    - name: Check that named.conf.local exists
+      ansible.builtin.stat:
+        path: /etc/bind/named.conf.local
+      register: __local_file
+      failed_when: not __local_file.stat.exists
+
+    - name: Read named.conf.options content
+      ansible.builtin.slurp:
+        path: /etc/bind/named.conf.options
+      register: __options_content
+
+    - name: Verify forwarders are configured in options
+      ansible.builtin.assert:
+        that:
+          - "'forwarders' in __options_decoded"
+          - "'91.239.100.100' in __options_decoded"
+          - "'forward first' in __options_decoded"
+        fail_msg: Forwarders not properly configured in named.conf.options
+      vars:
+        __options_decoded: "{{ __options_content.content | b64decode }}"
+
+    - name: Read named.conf.local content
+      ansible.builtin.slurp:
+        path: /etc/bind/named.conf.local
+      register: __local_content
+
+    - name: Verify forward zone is configured
+      ansible.builtin.assert:
+        that:
+          - "'zone \"example.internal\"' in __local_decoded"
+          - "'type forward' in __local_decoded"
+          - "'forward only' in __local_decoded"
+        fail_msg: Forward zone not properly configured in named.conf.local
+      vars:
+        __local_decoded: "{{ __local_content.content | b64decode }}"
+
+    - name: Test DNS resolution using localhost
+      ansible.builtin.command:
+        cmd: dig @localhost google.com +short
+      register: __dns_query
+      changed_when: false
+      failed_when: __dns_query.rc != 0
+
+    - name: Verify DNS query returned results
+      ansible.builtin.assert:
+        that:
+          - __dns_query.stdout_lines | length > 0
+        fail_msg: DNS forwarding is not working
+
+    - name: Check BIND logs for errors
+      ansible.builtin.command:
+        cmd: tail -20 /var/log/named/default.log
+      register: __bind_logs
+      changed_when: false
+
+    - name: Display BIND logs
+      ansible.builtin.debug:
+        msg: "BIND logs:\n{{ __bind_logs.stdout }}"
+
+    - name: Verify no critical errors in logs
+      ansible.builtin.assert:
+        that:
+          - "'error' not in __bind_logs.stdout.lower() or 'error' in __bind_logs.stdout.lower() | regex_replace('error reporting', '')"
+        fail_msg: Found errors in BIND logs