dns: validate unbound and nsd config file before update

author: Aaron LI <aly@aaronly.me> 2018-03-03 00:17:53 +0800
committer: Aaron LI <aly@aaronly.me> 2018-03-14 11:35:07 +0800
commit: bb51dfab00ba345f03d2f8cf87b320ccf98c1742 (patch)
tree: 743a6a277701b729e5fe8d05469a1d17db80094a /roles/dns
parent: 82d28ab9e535931f05e5eb11b8d6e14c02a530b7 (diff)
download: ansible-dfly-vps-bb51dfab00ba345f03d2f8cf87b320ccf98c1742.tar.bz2
1 files changed, 8 insertions, 6 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index cc5c07a..efc9669 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -35,6 +35,7 @@
   copy:
     src: unbound.conf
     dest: /usr/local/etc/unbound/unbound.conf
+    validate: "unbound-checkconf %s"
   notify: reload-unbound
 
 - name: unbound - enable and start service
@@ -48,12 +49,6 @@
 #
 # NSD
 #
-- name: NSD - copy configuration
-  template:
-    src: nsd.conf.j2
-    dest: /usr/local/etc/nsd/nsd.conf
-  notify: reload-nsd
-
 - name: NSD - check existence of control key/cert
   stat:
     path: /usr/local/etc/nsd/nsd_control.key
@@ -75,6 +70,13 @@
   # NOTE: `with_fileglob` always operates from `files/`
   with_fileglob:
     - "../templates/zones/*.j2"
+
+# NOTE: requires variable `zonefiles`
+- name: NSD - generate configuration
+  template:
+    src: nsd.conf.j2
+    dest: /usr/local/etc/nsd/nsd.conf
+    validate: "nsd-checkconf %s"
   notify: reload-nsd
 
 - name: NSD - enable and start service
author	Aaron LI <aly@aaronly.me>	2018-03-03 00:17:53 +0800
committer	Aaron LI <aly@aaronly.me>	2018-03-14 11:35:07 +0800
commit	bb51dfab00ba345f03d2f8cf87b320ccf98c1742 (patch)
tree	743a6a277701b729e5fe8d05469a1d17db80094a /roles/dns
parent	82d28ab9e535931f05e5eb11b8d6e14c02a530b7 (diff)
download	ansible-dfly-vps-bb51dfab00ba345f03d2f8cf87b320ccf98c1742.tar.bz2