Merge branch 'main' into test/verify-ci-fix

Reviewed-on: #18

.gitea/workflows/test.yaml

@@ -54,8 +54,8 @@ jobs:
         run: |
           pip install --no-cache-dir \
             ansible \
-            molecule[podman] \
-            podman-compose \
+            molecule \
+            molecule-podman \
             pyyaml \
             jinja2
 

.github/skills/molecule-role-testing/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: molecule-role-testing
+description: Run Molecule scenarios to test the bind9 role using the repository's Molecule configuration.
+---
+
+Use this skill when asked to test or validate the role with Molecule.
+
+## Scope
+- Repository root: /home/alive/Code/ansible-bind9-role
+- Scenarios: molecule/default and molecule/bind9-20
+- Driver: podman
+
+## Prerequisites
+1. Ensure Podman is available and the current user can run it.
+2. Ensure Molecule and Ansible are installed in the active Python environment.
+
+## Default scenario (BIND 9.18 LTS)
+1. From the repository root, run:
+   - molecule test
+2. If a faster check is requested, run:
+   - molecule converge
+
+## BIND 9.20+ scenario
+1. From the repository root, run:
+   - molecule test -s bind9-20
+2. If a faster check is requested, run:
+   - molecule converge -s bind9-20
+
+## Notes
+- The scenarios use systemd-enabled containers and require privileged Podman.
+- If a scenario fails, capture the error summary and relevant logs before making changes.

.gitignore

@@ -0,0 +1 @@
+Testing CI fix

molecule/bind9-20/verify.yml

@@ -105,6 +105,7 @@
 
     - name: Verify no critical errors in logs
       ansible.builtin.shell: |
+        set -o pipefail
         if grep -i "error" /var/log/named/default.log | grep -v "error reporting" > /dev/null; then
           exit 1
         fi

molecule/default/converge.yml

@@ -2,18 +2,11 @@
 - name: Converge
   hosts: all
   tasks:
-    - name: Create log directory for BIND
-      ansible.builtin.file:
-        path: /var/log/named
-        state: directory
-        mode: '0755'
-        owner: bind
-        group: bind
-
     - name: Include bind9 role
       ansible.builtin.include_role:
         name: ../../../ansible-bind9-role  # noqa: role-name[path]
   vars:
+    bind9_log_dir: /var/log/named
     bind9_backup_config: false
     bind9_host_config:
       - name: named.conf.options
@@ -113,3 +106,14 @@
             forwarders:
               - 10.0.0.53
               - 10.0.0.54
+
+- name: Post-converge
+  hosts: all
+  tasks:
+    - name: Create log directory for BIND
+      ansible.builtin.file:
+        path: /var/log/named
+        state: directory
+        mode: '0750'
+        owner: bind
+        group: bind

molecule/default/verify.yml

@@ -41,7 +41,8 @@
       ansible.builtin.assert:
         that:
           - "'forwarders' in __options_decoded"
-          - "'8.8.8.8' in __options_decoded"
+          - "'91.239.100.100' in __options_decoded"
+          - "'89.233.43.71' in __options_decoded"
           - "'forward first' in __options_decoded"
         fail_msg: Forwarders not properly configured in named.conf.options
       vars:

tasks/main.yml

@@ -18,6 +18,17 @@
     mode: "0750"
   when: bind9_backup_config is defined and bind9_backup_config | bool
 
+- name: Ensure logging directory exists if defined
+  ansible.builtin.file:
+    path: "{{ bind9_log_dir }}"
+    state: directory
+    owner: bind
+    group: bind
+    mode: "0750"
+  when:
+    - bind9_log_dir is defined
+    - bind9_log_dir is not none
+
 - name: Deploy and Validate Configuration
   tags:
     - bind9
@@ -34,6 +45,7 @@
         owner: root
         group: bind
         mode: "0640"
+      when: bind9_backup_config | bool
       changed_when: false
       failed_when: false # It's okay if the file doesn't exist yet
       loop: "{{ bind9_config }}"