s3lph/ansible-collection-nameserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Minor fixes

Browse source
This commit is contained in:
s3lph 2021-01-16 03:32:20 +01:00
parent 034f06b6c4
commit 486b0d1bed
2 changed files with 25 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
roles/knot/tasks/config.yml
View file

@ -11,6 +11,23 @@
- "{{ knot_zone_master_storage_path }}" - "{{ knot_zone_master_storage_path }}"
- "{{ knot_zone_replica_storage_path }}" - "{{ knot_zone_replica_storage_path }}"
- name: make sure all zones have a name
assert:
that:
- "'name' in item.value"
- "item.value.name | type_debug == 'str'"
fail_msg: "{{ item.key }} does not have a name"
loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^knot_zone_.+$') | list }}"
- name: make sure all zones have at least one master defined
assert:
that:
- "'masters' in item.value"
- "item.value.masters | type_debug == 'list'"
- "item.value.masters | length > 0"
fail_msg: "{{ item.key }} does not have a zone master"
loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^knot_zone_.+$') | list }}"
- name: render knot zone files - name: render knot zone files
template: template:
src: var/lib/knot/master/zone.j2 src: var/lib/knot/master/zone.j2

16
roles/knot/templates/etc/knot/knot.conf.j2
View file

@ -41,10 +41,9 @@ acl:
# MASTER ZONES # MASTER ZONES
# #
policy:
{% for zone in zones %} {% for zone in zones %}
{% if inventory_hostname in zone.masters %} {% if inventory_hostname in zone.masters %}
policy:
- id: dnssec-{{ zone.name }} - id: dnssec-{{ zone.name }}
algorithm: {{ knot_dnssec_policy_algorithm }} algorithm: {{ knot_dnssec_policy_algorithm }}
nsec3: {{ knot_dnssec_policy_nsec3 }} nsec3: {{ knot_dnssec_policy_nsec3 }}
@ -52,9 +51,13 @@ policy:
zsk-size: {{ knot_dnssec_policy_zsk_size }} zsk-size: {{ knot_dnssec_policy_zsk_size }}
ksk-shared: {{ knot_dnssec_policy_ksk_shared }} ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }} cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}
{% endif %}
{% endfor %}
zone: zone:
- domain: {{ zone.name }}. {% for zone in zones %}
{% if inventory_hostname in zone.masters %}
- domain: {{ zone.name }}
storage: {{ knot_zone_master_storage_path }} storage: {{ knot_zone_master_storage_path }}
semantic-checks: {{ knot_zone_semantic_checks }} semantic-checks: {{ knot_zone_semantic_checks }}
serial-policy: unixtime serial-policy: unixtime
@ -67,7 +70,6 @@ zone:
{% for replica in zone.replicas %} {% for replica in zone.replicas %}
notify: remote-{{ replica }} notify: remote-{{ replica }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -76,11 +78,10 @@ zone:
# REPLICA ZONES # REPLICA ZONES
# #
zone:
{% for zone in zones %} {% for zone in zones %}
{% if inventory_hostname in zone.replicas %} {% if inventory_hostname in zone.replicas %}
- domain: {{ zone.name }}
zone:
- domain: {{ zone.name }}.
storage: {{ knot_zone_replica_storage_path }} storage: {{ knot_zone_replica_storage_path }}
serial-policy: unixtime serial-policy: unixtime
{% for master in zone.masters %} {% for master in zone.masters %}
@ -89,7 +90,6 @@ zone:
{% for master in zone.masters %} {% for master in zone.masters %}
master: remote-{{ master }} master: remote-{{ master }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}