[bind] Evaluate facts in tasks

certbot_on_virtu
Alexandre Iooss 2020-04-26 22:13:59 +02:00
parent 4e8eec6f22
commit f0c2e0f097
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
4 changed files with 23 additions and 7 deletions


@ -0,0 +1,4 @@
---
- name: TODO
debug:
msg: "Hey some work is being done here!"


@ -7,6 +7,17 @@
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Lookup DNS servers
set_fact:
masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
masters_ipv6: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
slaves_ipv4: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
slaves_ipv6: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
- name: Is this the master?
set_fact:
is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | bool }}"
- name: Deploy Bind9 configuration - name: Deploy Bind9 configuration
template: template:
src: bind/{{ item }}.j2 src: bind/{{ item }}.j2
@ -20,6 +31,9 @@
- named.conf.options - named.conf.options
notify: Reload Bind9 notify: Reload Bind9
- include: dnssec.yml
when: is_master
- name: Indicate role in motd - name: Indicate role in motd
template: template:
src: update-motd.d/05-service.j2 src: update-motd.d/05-service.j2
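Review bot: In the "Is this the master?" task, piping the intersection through `| bool` most likely makes `is_master` false on every host, because Ansible's `bool` filter only maps values such as `yes`, `on`, `1` and `true` to true, so a non-empty list of addresses comes out false. The Jinja `set` this commit removes from the Bind template tested the list itself, which is truthy when non-empty. Comparing the length keeps that meaning: `is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | length > 0 }}"`. As written, the `when: is_master` include of dnssec.yml and the master-only certbot challenge key block in the template would be skipped on the master too, and the motd would always report the slave role, so this is worth confirming with a run against a master host. Separately, bare `include:` is deprecated; `include_tasks: dnssec.yml` is the current form.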


@ -4,12 +4,6 @@
// organization // organization
//include "/etc/bind/zones.rfc1918"; //include "/etc/bind/zones.rfc1918";
{%- set masters_ipv4 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %}
{%- set masters_ipv6 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %}
{%- set slaves_ipv4 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %}
{%- set slaves_ipv6 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %}
{%- set is_master = ansible_all_ipv4_addresses | intersect(masters_ipv4) %}
{% if is_master -%} {% if is_master -%}
// Let's Encrypt Challenge DNS-01 key // Let's Encrypt Challenge DNS-01 key
key "certbot_challenge." { key "certbot_challenge." {


@ -1,3 +1,7 @@
#!/usr/bin/tail +14 #!/usr/bin/tail +14
{{ ansible_header | comment }} {{ ansible_header | comment }}
> Bind9 (autoritaire) a été déployé sur cette machine. Voir /etc/bind/. {% if is_master %}
> Bind9 (autoritaire, maître) a été déployé sur cette machine. Voir /etc/bind/.
{% else %}
> Bind9 (autoritaire, esclave) a été déployé sur cette machine. Voir /etc/bind/.
{% endif %}