authorMatthieu Saulnier <fantom@fedoraproject.org>2014-10-12 01:04:07 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2014-10-12 01:04:07 +0200
commit3568a116090758c76cbd24391ad8b3d460c06283 (patch)
tree1b10bbaf6d69f672dcdbf1e81fb885be46590f82
parent9d6f806272bc144b2d964ed55fc6b80067212261 (diff)
Add main playbook for dnsserver role
Update inventory file; update zone file; add conditional and port setting in config; fix syntax error for file module; add SELinux boolean configuration
-rw-r--r--dnsserver.yml5
-rw-r--r--hosts5
-rw-r--r--roles/dnsserver/files/casperlefantom.net.zone9
-rw-r--r--roles/dnsserver/tasks/config.yml5
-rw-r--r--roles/dnsserver/tasks/dirs.yml8
-rw-r--r--roles/dnsserver/templates/named.conf.j29
6 files changed, 36 insertions, 5 deletions
diff --git a/dnsserver.yml b/dnsserver.yml
new file mode 100644
index 0000000..d3cd181
--- /dev/null
+++ b/dnsserver.yml
@@ -0,0 +1,5 @@
+- hosts: dns
+ remote_user: root
+ roles:
+ - common
+ - dnsserver
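Review bot: `remote_user: root` makes every task in both roles run over a direct root SSH login, so root login has to stay enabled on each host in the `dns` group. Connecting as an unprivileged account and escalating at play level (`become: true` in current Ansible, `sudo: yes` in releases from this commit's era) allows `PermitRootLogin no` in sshd and leaves a record of which account escalated. A one-line comment above the play saying that it applies `common` before `dnsserver` to the `dns` inventory group would also help.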
diff --git a/hosts b/hosts
index d7b88fb..8943c68 100644
--- a/hosts
+++ b/hosts
@@ -32,3 +32,8 @@ lancaster.casperlefantom.net
vm01.casperlefantom.net
vm02.casperlefantom.net
vm03.casperlefantom.net
+
+[dns]
+lancaster.casperlefantom.net
+ns2.casperlefantom.net
+vm02.casperlefantom.net
diff --git a/roles/dnsserver/files/casperlefantom.net.zone b/roles/dnsserver/files/casperlefantom.net.zone
index d76a22c..286936f 100644
--- a/roles/dnsserver/files/casperlefantom.net.zone
+++ b/roles/dnsserver/files/casperlefantom.net.zone
@@ -1,6 +1,6 @@
$ttl 86400
casperlefantom.net. IN SOA ns1.casperlefantom.net. hostmaster.casperlefantom.net. (
-2014060900
+2014101200
10800
3600
604800
@@ -11,8 +11,8 @@ casperlefantom.net. IN SOA ns1.casperlefantom.net. hostmaster.casperlefantom.net
@ IN MX 10 mail.casperlefantom.net.
-@ IN A 82.247.103.117
-@ IN AAAA 2a01:e35:2f76:7750::4
+@ IN A 178.170.111.194
+@ IN AAAA 2a00:c70:1:178:170:111:194:5000
www IN A 82.247.103.117
www IN AAAA 2a01:e35:2f76:7750::4
@@ -68,3 +68,6 @@ ntp2 IN AAAA 2a00:c70:1:178:170:111:194:5000
bank IN A 82.247.103.117
bank IN AAAA 2a01:e35:2f76:7750::4
+
+blog IN A 82.247.103.117
+blog IN AAAA 2a01:e35:2f76:7750::4
diff --git a/roles/dnsserver/tasks/config.yml b/roles/dnsserver/tasks/config.yml
index 47bb295..6d078f7 100644
--- a/roles/dnsserver/tasks/config.yml
+++ b/roles/dnsserver/tasks/config.yml
@@ -10,6 +10,7 @@
owner=root
group=named
mode=640
+ when: ansible_default_ipv6.address == master_ipv6
notify: reload named
with_items:
- casperlefantom.net.zone
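Review bot: The added `when: ansible_default_ipv6.address == master_ipv6` raises an undefined-variable error instead of skipping on a host with no default IPv6 route, because `ansible_default_ipv6` is then an empty dict. A guard such as `when: ansible_default_ipv6.address is defined and ansible_default_ipv6.address == master_ipv6` keeps the play running on such hosts. Picking the master by a gathered address is also fragile if the host has several global IPv6 addresses; an inventory group or host variable would be a steadier selector. The task begins above this hunk and `master_ipv6` is defined outside the diff, so both points need checking against the full file.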
@@ -19,3 +20,7 @@
- 117.103.247.82.in-addr.arpa
- 0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa
- 194.111.170.178.in-addr.arpa
+
+- name: Open listening port 53
+ firewalld: service=dns permanent=true state=enabled
+ when: ansible_distribution == "Fedora"
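Review bot: `permanent=true` on its own only writes the rule to firewalld's stored configuration, so port 53 stays closed in the running firewall until firewalld is reloaded or the host reboots. Adding `immediate=yes` where the installed Ansible supports it, or notifying a handler that reloads firewalld, applies the change in the same run. No `zone=` is given, so the service is opened in the default zone for every source address; if these servers answer recursive queries, confirm that named's `allow-recursion` and `allow-query` ACLs restrict who may use them. The `Fedora`-only condition may also skip other firewalld hosts, since the role has CentOS branches elsewhere.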
diff --git a/roles/dnsserver/tasks/dirs.yml b/roles/dnsserver/tasks/dirs.yml
index 5768ad3..93a0a1a 100644
--- a/roles/dnsserver/tasks/dirs.yml
+++ b/roles/dnsserver/tasks/dirs.yml
@@ -13,7 +13,7 @@
when: ansible_distribution == "CentOS"
- name: Création initiale des fichiers journaux dans /var/log/
- file: path=/var/log/named/{{ item }} state=present
+ file: path=/var/log/named/{{ item }} state=file
owner=named
group=named
mode=644
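Review bot: `state=file` does not create a missing path, it only checks an existing file and sets its attributes, so this task, whose name says it does the initial creation of the log files, fails on a fresh host. The `/var/named/chroot/var/log/named/` task in the next hunk gets the same change and has the same problem. `state=touch` creates the file when absent, `file: path=/var/log/named/{{ item }} state=touch`; since `touch` reports changed on every run in older releases, a `copy` with `content=""` and `force=no` is an idempotent alternative. Both tasks continue past their hunks (the item list is not visible), and the unchanged `mode=644` leaves the named logs world-readable, which is worth tightening to `640` if query logging is enabled.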
@@ -29,7 +29,7 @@
when: ansible_distribution == "Fedora"
- name: Création initiale des fichiers journaux dans /var/named/chroot/
- file: path=/var/named/chroot/var/log/named/{{ item }} state=present
+ file: path=/var/named/chroot/var/log/named/{{ item }} state=file
owner=named
group=named
mode=644
@@ -46,3 +46,7 @@
- name: Modification des permissions de /var/named/
file: path=/var/named/ state=directory mode=770
+
+- name: Configuration booleen SELinux de /var/named/
+ seboolean: name=named_write_master_zones state=yes persistent=yes
+ when: ansible_selinux != false
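Review bot: The new `seboolean` task enables `named_write_master_zones` on every host in the play, although normally only a server that rewrites its own master zone files (dynamic updates, inline signing) needs it. Restricting it with the condition config.yml already uses, `when: ansible_selinux != false and ansible_default_ipv6.address == master_ipv6`, keeps named's write access under SELinux narrow on the other hosts. The context task just above sets `/var/named/` to `mode=770` without naming an owner or group, so the two settings together widen what a compromised named process could modify. On Ansible releases where `ansible_selinux` is a dict with a `status` key, `!= false` is true even with SELinux disabled and the module will fail, so comparing the status is safer there.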
diff --git a/roles/dnsserver/templates/named.conf.j2 b/roles/dnsserver/templates/named.conf.j2
index 9d5356e..36acbad 100644
--- a/roles/dnsserver/templates/named.conf.j2
+++ b/roles/dnsserver/templates/named.conf.j2
@@ -240,5 +240,14 @@ zone "0.0.0.5.4.9.1.0.1.1.1.0.0.7.1.0.8.7.1.0.1.0.0.0.0.7.c.0.0.0.a.2.ip6.arpa"
{% endif %}
};
+{% if ansible_default_ipv6.address != master_ipv6 and ansible_default_ipv6.address != slave1_ipv6 %}
+{% for domain in google.com google.fr googlevideos.com admob.com adsense.com adwords.com android.com blogger.com blogspot.com chromium.org chrome.com chromebook.com feedburner.com doubleclick.com igoogle.com foofle.com froogle.com googleanalytics.com google-analytics.com googlecode.com googlesource.com googledrive.com googlearth.com googleearth.com googlemaps.com googlepagecreator.com googlescholar.com keyhole.com panoramio.com picasa.com sketchup.com urchin.com waze.com youtube.com youtu.be yt.be ytimg.com youtubeeducation.com youtube-nocookie.com like.com google.org google.net 1e100.net 466453.com gooogle.com gogle.com ggoogle.com gogole.com goolge.com googel.com googil.com googlr.com ggpht.com gmodules.com gtempaccount.com gstatic.com googleadservices.com googleapps.com googleapis.com goo.gl googlebot.com googlecommerce.com googleratings.com googlesyndication.com googletagservices.com googleusercontent.com whatbrowser.org gmail.com googlemail.com facebook.com %}
+zone "{{ domain }}" IN {
+ type master;
+ file "";
+};
+{% endfor %}
+{% endif %}
+
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
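Review bot: The `{% for domain in google.com google.fr … %}` line is not valid Jinja2, because a `for` takes a single iterable expression and a run of bare space-separated names raises a template syntax error at parse time. named.conf therefore fails to render on every host, including the ones the surrounding `{% if %}` would exclude. Move the names into a role variable holding a list of quoted strings and loop over it, `{% for domain in blocked_domains %}` (the variable name is only a suggestion). `file "";` gives each master zone an empty file name, which named will most likely refuse to load; point it at a small explicit empty zone file and check the rendered result with `named-checkconf`, which the template module's `validate=` option can run. A comment explaining why these zones are overridden on hosts other than the master and first slave would help the next reader.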