Compare commits
6 Commits
68a7b62305
...
feature/fo
| Author | SHA1 | Date | |
|---|---|---|---|
|
5f4bb3ccda | ||
|
|
4cb9cb3e3f | ||
|
|
45d9861960 | ||
|
|
28f8ca5c12 | ||
|
|
17a9918685 | ||
|
|
ca70afbd51 |
63
.gitea/workflows/test.yaml
Normal file
63
.gitea/workflows/test.yaml
Normal file
@@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
name: Test
|
||||||
|
|
||||||
|
on: # noqa: yaml[truthy]
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- feature/**
|
||||||
|
pull_request:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
name: Lint
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v6
|
||||||
|
|
||||||
|
- name: Set up Python
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.11'
|
||||||
|
|
||||||
|
- name: Install tools
|
||||||
|
run: |
|
||||||
|
pip install --no-cache-dir yamllint ansible-lint
|
||||||
|
|
||||||
|
- name: Run yamllint
|
||||||
|
run: yamllint -d relaxed .
|
||||||
|
|
||||||
|
- name: Run ansible-lint
|
||||||
|
run: ansible-lint --strict --profile=production
|
||||||
|
|
||||||
|
test:
|
||||||
|
name: Test
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: lint
|
||||||
|
if: github.event_name == 'pull_request'
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v6
|
||||||
|
|
||||||
|
- name: Set up Python
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.11'
|
||||||
|
|
||||||
|
- name: Install podman
|
||||||
|
run: |
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install -y podman
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: |
|
||||||
|
pip install --no-cache-dir \
|
||||||
|
ansible \
|
||||||
|
molecule[podman] \
|
||||||
|
podman-compose \
|
||||||
|
pyyaml \
|
||||||
|
jinja2
|
||||||
|
|
||||||
|
- name: Run Molecule tests
|
||||||
|
run: molecule test
|
||||||
@@ -21,5 +21,5 @@
|
|||||||
ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
|
ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0640
|
mode: '0640'
|
||||||
when: bind9_backup_config is defined and bind9_backup_config
|
when: bind9_backup_config is defined and bind9_backup_config
|
||||||
|
|||||||
@@ -7,7 +7,8 @@ argument_specs:
|
|||||||
type: list
|
type: list
|
||||||
elements: dict
|
elements: dict
|
||||||
description:
|
description:
|
||||||
- A list of configuration dictionaries that are merged to produce the final configuration.
|
- A list of configuration dictionaries that are merged to
|
||||||
|
produce the final configuration.
|
||||||
- Each element must have a 'name' key (filename).
|
- Each element must have a 'name' key (filename).
|
||||||
bind9_default_config:
|
bind9_default_config:
|
||||||
type: list
|
type: list
|
||||||
|
|||||||
@@ -4,4 +4,3 @@ collections:
|
|||||||
- name: ansible.posix
|
- name: ansible.posix
|
||||||
- name: community.crypto
|
- name: community.crypto
|
||||||
- name: community.general
|
- name: community.general
|
||||||
|
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
tasks:
|
tasks:
|
||||||
- name: Include bind9 role
|
- name: Include bind9 role
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ../../../ansible-bind9-role
|
name: ../../../ansible-bind9-role # noqa: role-name[path]
|
||||||
vars:
|
vars:
|
||||||
bind9_host_config:
|
bind9_host_config:
|
||||||
- name: named.conf.options
|
- name: named.conf.options
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
- hosts: all
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Update apt
|
- name: Update apt
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
|
|||||||
@@ -15,10 +15,16 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0750
|
mode: '0750'
|
||||||
when: bind9_backup_config is defined and bind9_backup_config | bool
|
when: bind9_backup_config is defined and bind9_backup_config | bool
|
||||||
|
|
||||||
- name: Deploy and Validate Configuration
|
- name: Deploy and Validate Configuration
|
||||||
|
tags:
|
||||||
|
- bind9
|
||||||
|
- template
|
||||||
|
notify:
|
||||||
|
- Backup bind config
|
||||||
|
- Restart bind
|
||||||
block:
|
block:
|
||||||
- name: Create backup of current config
|
- name: Create backup of current config
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
@@ -27,9 +33,8 @@
|
|||||||
remote_src: true
|
remote_src: true
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: 0640
|
mode: '0640'
|
||||||
failed_when: false # It's okay if the file doesn't exist yet
|
failed_when: false # It's okay if the file doesn't exist yet
|
||||||
# We do this for every file in the loop
|
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
@@ -40,7 +45,7 @@
|
|||||||
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: 0640
|
mode: '0640'
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
@@ -59,7 +64,7 @@
|
|||||||
remote_src: true
|
remote_src: true
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: 0640
|
mode: '0640'
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
@@ -67,7 +72,9 @@
|
|||||||
|
|
||||||
- name: Fail due to invalid configuration
|
- name: Fail due to invalid configuration
|
||||||
ansible.builtin.fail:
|
ansible.builtin.fail:
|
||||||
msg: "Configuration validation failed. Changes have been reverted. Check the logs for named-checkconf errors."
|
msg: |
|
||||||
|
Configuration validation failed. Changes have been reverted.
|
||||||
|
Check the logs for named-checkconf errors.
|
||||||
|
|
||||||
always:
|
always:
|
||||||
- name: Remove backup files
|
- name: Remove backup files
|
||||||
@@ -77,14 +84,7 @@
|
|||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
when: bind9_backup_config | bool is false # Keep if backup is forced, otherwise cleanup temporary atomic backup
|
when: bind9_backup_config | bool is false
|
||||||
|
|
||||||
tags:
|
|
||||||
- bind9
|
|
||||||
- template
|
|
||||||
notify:
|
|
||||||
- Backup bind config
|
|
||||||
- Restart bind
|
|
||||||
|
|
||||||
- name: Ensure the named service is started
|
- name: Ensure the named service is started
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
|
|||||||
@@ -2,4 +2,4 @@
|
|||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
remote_user: root
|
remote_user: root
|
||||||
roles:
|
roles:
|
||||||
- bind9
|
- bind9 # noqa: syntax-check[specific]
|
||||||
|
|||||||
Reference in New Issue
Block a user