Skip to content

Ansible role to manage and setup BIND (Berkley Internet Naming Daemon).

License

Notifications You must be signed in to change notification settings

maxkochubey/bind

 
 

Repository files navigation

bind

License Build Status

Platform

Project Stats

Ansible role to setup BIND (Berkley Internet Naming Daemon).

Tests

Family Distribution Version Test Status
Debian Ubuntu Precise x86_64
Debian Ubuntu Trusty x86_64

Requirements

  • ansible >= 1.9.5

Role Variables

  • debug: flag to run debug tasks (default: false).
  • bind_dir_cache: directory where to store the bind zone files.
  • bind_dir_log: directory where to store the bind log files.
  • bind_default_resolvconf: wether or not you want to run resolvconf.
  • bind_default_options: extra parameters to pass to the bind daemon.
  • bind_local_includes: any includes for named.conf.local.
  • bind_named_conf_acl: content for the named.conf acl section.
  • bind_named_conf_controls: content for the named.conf controls section.
  • bind_named_conf_keys: keys for the named.conf keys section (see example below for format).
  • bind_named_conf_logging: channels and categories for the named.conf logging section (see example below for format).
  • bind_named_conf_options: content for the named.conf options section (mandatory).

Unless stated otherwise a default value is provided for each of the variables mentioned above in defaults/main.yml.

Dependencies

None.

Playbooks

Example:

- hosts: servers
  vars:
    debug: yes

    bind_default_options: '-4 -u bind'
    bind_dir_cache: /var/cache/bind
    bind_dir_log: /var/log/named

    bind_named_conf_acl:
      trusted: |
        localhost;
        localnets;

    bind_named_conf_controls: |
      inet 127.0.0.1 port 953 allow { 127.0.0.1; };

    bind_named_conf_keys:
      mykey:
        algorithm: hmac-md5
        secret: QJc08cnP1xkoF4a/eSZZbw==
      mykey2:
        algorithm: hmac-md5
        secret: QJc08cnP1xkoF4a/eSZZbw==

    bind_named_conf_logging:
      channels:
        update_debug: |
          file "{{ bind_dir_log }}/update_debug.log" versions 3 size 100k;
          severity debug;
          print-severity  yes;
          print-time      yes;
        security_info: |
          file "{{ bind_dir_log }}/security_info.log" versions 1 size 100k;
          severity info;
          print-severity  yes;
          print-time      yes;
        bind_log: |
          file "{{ bind_dir_log }}/bind.log" versions 3 size 1m;
          severity info;
          print-category  yes;
          print-severity  yes;
          print-time      yes;
      categories:
        default: bind_log
        lame-servers: 'null'
        update: update_debug
        update-security: update_debug
        security: security_info

    bind_local_includes: 
      - /etc/bind/named.local.includes

    bind_zones:
      example.com:
        type: master
        file: "\"{{ bind_dir_cache }}/db.example.com.zone\""

    bind_zone_databases:
        example.com:
          directives:
            ORIGIN: example.com.
            TTL: 3600
          resource_records:
            - { name: 'example.com.', class: 'IN', type: 'SOA', data: 'sid.example.com. root.example.com. ( 2007120710 1d 2h 4w 1h )' }

            - { name: '@', class: 'IN', type: 'NS', data: 'sid.example.com.' }
            - { name: '@', class: 'IN', type: 'MX', data: '10 sid.example.com.' }

            - { name: 'sid', class: 'IN', type: 'A', data: "192.168.0.1" }
            - { name: 'etch', class: 'IN', type: 'A', data: "192.168.0.2" }

            - { name: 'pop', class: 'IN', type: 'CNAME', data: 'sid' }
            - { name: 'www', class: 'IN', type: 'CNAME', data: 'sid' }
            - { name: 'mail', class: 'IN', type: 'CNAME', data: 'sid' }

  roles:
     - role: saucelabs-ansible.bind
       tags: bind

Tags

  • apparmor: apparmor configuration tasks.
  • configuration: configuration tasks.
  • debug: role variables debug task.
  • installation: installation tasks.
  • validation: role variables validation task.

Test

To run the tests you will need to install:

To run all tests against all pre-defined OS/distributions * ansible versions:

$ tox

To run tests for trusty64:

$ cd tests
$ bash test_idempotence.sh --box trusty64.vagrant.dev
# log file will be stores under tests/log

To perform debugging on a specific environment:

$ cd tests
$ vagrant up trusty64.vagrant.dev

# to provision using the test.yml playbook (as many time as you need)
$ vagrant provision trusty64.vagrant.dev

# to access the Vagrant box
$ vagrant ssh trusty64.vagrant.dev

Links

License

BSD

Author Information

About

Ansible role to manage and setup BIND (Berkley Internet Naming Daemon).

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 71.5%
  • Ruby 14.5%
  • Python 14.0%