Merge branch 'molecule' into 'main'

Molecule

See merge request operations/ansible-bind9-role!3

.gitlab-ci.yml

@@ -0,0 +1,22 @@
+---
+image: docker:stable-dind
+
+services:
+  - docker:dind
+
+before_script:
+  - apk add --no-cache
+    python3 python3-dev py3-pip gcc git curl build-base
+    autoconf automake py3-cryptography linux-headers
+    musl-dev libffi-dev openssl-dev openssh
+  - docker info
+  - python3 --version
+  - python3 -m pip install ansible molecule[docker]
+    ansible-lint
+  - ansible --version
+  - molecule --version
+
+molecule:
+  stage: test
+  script:
+    - molecule test

.travis.yml

@@ -1,35 +0,0 @@
----
-language: python
-python: "2.7"
-
-# Use the new container infrastructure
-sudo: required
-
-# Install ansible
-addons:
-  apt:
-    packages:
-    - python-pip
-
-install:
-  # Install ansible
-  - pip install ansible
-
-  # Check ansible version
-  - ansible --version
-
-  # Create ansible.cfg with correct roles_path
-  - printf '[defaults]\nroles_path=../' >ansible.cfg
-
-script:
-  # Basic role syntax check
-  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
-
-#notifications:
-#  webhooks: https://galaxy.ansible.com/api/v1/notifications/
-
-env:
-- distribution: debian
-  version: bullseye
-- distribution: ubuntu
-  version: jammy

defaults/main.yml

@@ -28,4 +28,10 @@ bind9_default_config:
     options:
       directory: "{{ bind9_working_directory }}"
 
-bind9_config: "{{ [bind9_default_config, bind9_group_config, bind9_leaf_config, bind9_host_config] | community.general.lists_mergeby('name', recursive=true, list_merge='append_rp') }}"
+bind9_config: "{{ [bind9_default_config,
+  bind9_group_config,
+  bind9_leaf_config,
+  bind9_host_config] |
+  community.general.lists_mergeby('name',
+    recursive=true,
+    list_merge='append_rp') }}"

handlers/main.yml

@@ -1,23 +1,26 @@
 ---
 # handlers file for bind9
-- name: reload bind
+- name: Reload bind
   ansible.builtin.service:
     name: named
     state: reloaded
 
-- name: restart bind
+- name: Restart bind
   ansible.builtin.service:
     name: named
     state: restarted
 
-- name: backup bind config
+- name: Backup bind config
   community.general.archive:
     path:
       - "{{ bind9_cfgdir }}"
       - "{{ bind9_working_directory }}"
       - "{{ bind9_libdir }}"
-    dest: "{{ bind9_backup_dir }}/bind9-config-{{ ansible_date_time.iso8601_basic_short }}.tar.gz"
+    dest: >
+      {{ bind9_backup_dir }}/
+      bind9-config-
+      {{ ansible_date_time.iso8601_basic_short }}.tar.gz
     owner: root
     group: root
     mode: 0640
-  when: bind9_backup_config is defined and bind9_backup_config
+  when: bind9_backup_config is defined and bind9_backup_config

meta/main.yml

@@ -1,52 +1,32 @@
+---
 galaxy_info:
+  role_name: bind9
+  namespace: keepit
+
   author: Daniel Akulenok
   description: Configure Bind9
   company: Keepit
 
-  # If the issue tracker for your role is not on github, uncomment the
+  issue_tracker_url: https://gitlab.off.keepit.com/operations/ansible-bind9-role
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
 
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  license: GPL-3.0-or-later
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
-  license: GPL-2.0-or-later
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.13"
 
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  platforms:
-  # min_ansible_container_version:
+    - name: Ubuntu
+      versions:
+        - jammy
+        - focal
+    - name: Debian
+      versions:
+        - bullseye
 
-  #
+  galaxy_tags:
-  # Provide a list of supported platforms, and for each platform a list of versions.
+    - bind9
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+    - bind
-  # To view available platforms and versions (or releases), visit:
+    - dns
-  # https://galaxy.ansible.com/api/v1/platforms/
+    - ubuntu
-  #
+    - debian
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
 
 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

molecule/default/converge.yml

@@ -0,0 +1,5 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - keepit.bind9

molecule/default/molecule.yml

@@ -0,0 +1,22 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: ubuntu-jammy
+    image: ubuntu:jammy
+  - name: ubuntu-focal
+    image: ubuntu:focal
+  - name: debian-bullseye
+    image: debian:bullseye
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .

molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    ansible.builtin.assert:
+      that: true

tasks/main.yml

@@ -4,6 +4,7 @@
   ansible.builtin.apt:
     name: "{{ bind9_packages }}"
     state: present
+    cache_valid_time: 3600
   tags:
     - bind9
     - packages
@@ -17,12 +18,13 @@
     mode: 0750
   when: bind9_backup_config is defined and bind9_backup_config
 
-- name: named.conf.generator
+- name: Template named.conf.generator
   ansible.builtin.template:
     src: named.conf.generator.j2
     dest: "{{ bind9_cfgdir }}/{{ item.name }}"
     owner: root
     group: bind
+    mode: 0640
     backup: "{{ item.backup | default('false') | bool }}"
   # validate: 'named-checkconf -z -j %s'
   loop: "{{ bind9_config }}"
@@ -32,8 +34,8 @@
     - bind9
     - template
   notify:
-    - backup bind config
+    - Backup bind config
-    - restart bind
+    - Restart bind
 
 - name: Ensure the named service is started
   ansible.builtin.service:

templates/named.conf.generator.j2

@@ -1,4 +1,4 @@
-{% import 'named.conf.functions.j2' as functions %}
+{% import 'named.conf.functions.j2' as functions with context %}
 {{ ansible_managed | comment }}
 {% if item.options is defined and item.options %}
 {% from 'named.conf.options.j2' import options with context %}
@@ -51,7 +51,7 @@ options {
 {% endif %}
 {% if item.parental_agents is defined and item.parental_agents %}
 {% from 'named.conf.parental-agents.j2' import parental_agents with context %}
-{{ parental_agents(item.parental_agents) }}
+{{ parental_agents(item.parental_agents) -}}
 {% endif %}
 {% if item.server is defined and item.server %}
 {% from 'named.conf.server.j2' import server with context %}
@@ -76,4 +76,4 @@ options {
 {% if item.view is defined and item.view %}
 {% from 'named.conf.view.j2' import view with context %}
 {{ view(item.view) }}
-{% endif %}
+{% endif %}

templates/named.conf.options.j2

@@ -2,7 +2,7 @@
 {# Unicorn Options#}
 {% if option.rrset_order is defined and option.rrset_order %}
 rrset-order {
-{% filter indent(bind9_config_indent*2, true) %}
+{% filter indent(bind9_config_indent, true) %}
 {% for rrset in option.rrset_order %}
 {{ ('class ' + rrset.class | string + ' ') if rrset.class is defined and rrset.class -}}
 {{ ('type ' + rrset.type | string + ' ') if rrset.type is defined and rrset.type -}}
@@ -38,7 +38,7 @@ response-policy {
 {{- (' nsip-enable ' + functions.named_boolean(option.response_policy.nsip_enable)) if option.response_policy.nsip_enable is defined -}}
 {{- (' nsdname-enable ' + functions.named_boolean(option.response_policy.nsdname_enable)) if option.response_policy.nsdname_enable is defined -}}
 {{- (' dnsrps-enable ' + functions.named_boolean(option.response_policy.dnsrps_enable)) if option.response_policy.dnsrps_enable is defined -}}
-{{- (' dnsrps-options {\n' + functions.simple_item_list(option.response_policy.dnsrps_options) + '}') if option.response_policy.dnsrps_options is defined and option.response_policy.dnsrps_options -}};
+{{- (' dnsrps-options { ' + option.response_policy.dnsrps_options | join('; ') + '; }') if option.response_policy.dnsrps_options is defined and option.response_policy.dnsrps_options -}};
 {% endif %}
 {% if option.response_padding is defined and option.response_padding %}
 response-padding {
@@ -164,7 +164,7 @@ check-names {{ policy.type }} {{ policy.action }};
 catalog-zones {
 {% for catalog_zone in option.catalog_zones %}
 zone {{ catalog_zone.zone }}
-{% filter indent(bind9_config_indent*3, true) %}
+{% filter indent(bind9_config_indent, true) %}
 {% if catalog_zone.default_primaries is defined and catalog_zone.default_primaries %}
 default-primaries
 {{- (' port ' + catalog_zone.default_primaries.port | string) if catalog_zone.default_primaries.port is defined and catalog_zone.default_primaries.port -}}

templates/named.conf.parental-agents.j2

@@ -3,8 +3,7 @@
 parental-agents {{ agent.name -}}
 {{ (' port ' + agent.port | string) if agent.port is defined and agent.port -}}
 {{ (' dscp ' + agent.dscp | string) if agent.dscp is defined and agent.dscp }} {
-{% filter indent(bind9_config_indent, true) %}
+{{ functions.list_address_port_key_tls(agent.addresses) -}}};
-{{ functions.list_address_port_key_tls(agent.addresses) -}}
+
-{% endfilter %}};
 {% endfor %}
 {% endmacro %}