99 lines
2.7 KiB
YAML
99 lines
2.7 KiB
YAML
---
|
|
# tasks file for bind9
|
|
- name: Install bind9
|
|
ansible.builtin.apt:
|
|
name: "{{ bind9_packages }}"
|
|
state: present
|
|
cache_valid_time: 3600
|
|
tags:
|
|
- bind9
|
|
- packages
|
|
|
|
- name: Ensure backup directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ bind9_backup_dir }}"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0750
|
|
when: bind9_backup_config is defined and bind9_backup_config
|
|
|
|
- name: Deploy and Validate Configuration
|
|
block:
|
|
- name: Create backup of current config
|
|
ansible.builtin.copy:
|
|
src: "{{ bind9_cfgdir }}/{{ item.name }}"
|
|
dest: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
|
|
remote_src: true
|
|
owner: root
|
|
group: bind
|
|
mode: 0640
|
|
failed_when: false # It's okay if the file doesn't exist yet
|
|
# We do this for every file in the loop
|
|
loop: "{{ bind9_config }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
|
|
- name: Template named.conf.generator
|
|
ansible.builtin.template:
|
|
src: named.conf.generator.j2
|
|
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
|
owner: root
|
|
group: bind
|
|
mode: 0640
|
|
loop: "{{ bind9_config }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
register: _template_result
|
|
|
|
- name: Validate configuration using named-checkconf
|
|
ansible.builtin.command:
|
|
cmd: "named-checkconf -z {{ bind9_cfgdir }}/named.conf"
|
|
changed_when: false
|
|
|
|
rescue:
|
|
- name: Restore configuration from backup
|
|
ansible.builtin.copy:
|
|
src: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
|
|
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
|
remote_src: true
|
|
owner: root
|
|
group: bind
|
|
mode: 0640
|
|
loop: "{{ bind9_config }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
failed_when: false # Best effort restore
|
|
|
|
- name: Fail due to invalid configuration
|
|
ansible.builtin.fail:
|
|
msg: "Configuration validation failed. Changes have been reverted. Check the logs for named-checkconf errors."
|
|
|
|
always:
|
|
- name: Remove backup files
|
|
ansible.builtin.file:
|
|
path: "{{ bind9_cfgdir }}/{{ item.name }}.bak"
|
|
state: absent
|
|
loop: "{{ bind9_config }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
when: bind9_backup_config | bool is false # Keep if backup is forced, otherwise cleanup temporary atomic backup
|
|
|
|
tags:
|
|
- bind9
|
|
- template
|
|
notify:
|
|
- Backup bind config
|
|
- Restart bind
|
|
|
|
- name: Ensure the named service is started
|
|
ansible.builtin.service:
|
|
name: named
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: Print the bind9_config
|
|
ansible.builtin.debug:
|
|
var: bind9_config
|
|
when: bind9_debug_config | bool
|