Initial commit of NSD ansible role
Change-Id: I97c6455f2513604b86156017b5b7b1d769e7bbc0
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..7f2e108
--- /dev/null
+++ b/tasks/Debian.yml
@@ -0,0 +1,12 @@
+---
+# nsd tasks/Debian.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Install NSD packages (Debian)
+ apt:
+ name: "nsd"
+ state: "present"
+ update_cache: true
+ cache_valid_time: 3600
diff --git a/tasks/OpenBSD.yml b/tasks/OpenBSD.yml
new file mode 100644
index 0000000..e64f33f
--- /dev/null
+++ b/tasks/OpenBSD.yml
@@ -0,0 +1,7 @@
+---
+# nsd tasks/OpenBSD.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# nothing to do here, OpenBSD already has NSD installed in base
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..68af1d5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+# nsd tasks/main.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Create nsd zones directory
+ file:
+ name: "{{ nsd_zones_dir }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: "{{ nsd_groupname }}"
+
+- name: Create nsd.conf configuration file from template
+ template:
+ src: "nsd.conf.j2"
+ dest: "{{ nsd_conf_dir }}/nsd.conf"
+ owner: root
+ group: "{{ nsd_groupname }}"
+ mode: 0644
+ backup: true
+ validate: "nsd-checkconf %s"
+ notify:
+ - restart-nsd
+
+- name: Create DNS forward zonefiles from template
+ template:
+ src: zone.forward.j2
+ dest: "{{ nsd_zones_dir }}/{{ item.key }}.forward"
+ mode: 0644
+ owner: root
+ group: "{{ nsd_groupname }}"
+ validate: "nsd-checkzone {{ item.key }} %s"
+ with_dict: "{{ dns_zones }}"
+ notify:
+ - reload-nsd
+
+- name: Create DNS reverse zonefiles from template
+ template:
+ src: zone.reverse.j2
+ dest: "{{ nsd_zones_dir }}/{{ item.key }}.reverse"
+ mode: 0644
+ owner: root
+ group: "{{ nsd_groupname }}"
+ validate: "nsd-checkzone {{ item.value.ip_range | unbound_revdns }} %s"
+ with_dict: "{{ dns_zones }}"
+ notify:
+ - reload-nsd
+
+- name: Flush handlers as listen addresses can conflict with unbound
+ meta: flush_handlers
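Review bot: The `Create nsd.conf configuration file from template` task writes nsd.conf with `mode: 0644`, so every local user can read it; nsd.conf.j2 is not shown in this hunk, but if it renders `key:` clauses with TSIG secrets they would be exposed, and since the group is already `{{ nsd_groupname }}` the file could use `mode: "0640"` instead. `backup: true` on the same task keeps copies of earlier configs beside it, and those would need the same restriction. In both zonefile tasks `item.key` goes unchecked into `dest` and into the `validate` command line, so a zone name containing whitespace or `/` would change the arguments handed to nsd-checkzone or the path that is written; `validate: "nsd-checkzone {{ item.key | quote }} %s"` together with an `assert` on the keys of `dns_zones` before the templates run would cover that. The octal modes are written unquoted (`0755`, `0644`); quoting them as `"0755"` / `"0644"` avoids depending on how the YAML parser types a leading-zero number.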