From 5836875b025e1601dd182963fc372581cc724faa Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Sun, 4 Mar 2018 18:42:40 +0800
Subject: dns: refactor nsd zones generation to support DKIM record

---
 roles/dns/tasks/main.yml     | 25 ++++++-------------------
 roles/dns/tasks/nsd-zone.yml | 31 +++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 19 deletions(-)
 create mode 100644 roles/dns/tasks/nsd-zone.yml

diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 68663f7..d2d6289 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -58,35 +58,22 @@
   command: nsd-control-setup
   when: not stat_result.stat.exists
 
+- name: NSD - create zones directory
+  file:
+    path: /usr/local/etc/nsd/zones
+    state: directory
+
 - name: NSD - get the list of zone files
   set_fact:
     zonefiles: "{{ lookup('fileglob', '../templates/zones/*.j2', wantlist=True) }}"
 - debug: var=zonefiles
 
-- name: NSD - create zones directory
-  file:
-    path: /usr/local/etc/nsd/zones
-    state: directory
-
 - name: NSD - generate zone files
-  vars:
-    domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
-  template:
-    src: "{{ item }}"
-    dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
-    # XXX: `validate` doesn't work with `with_items`???
-    validate: "nsd-checkzone {{ domain }} %s"
+  include_tasks: nsd-zone.yml zonefile={{ item }}
   with_items: "{{ zonefiles }}"
   notify: reload-nsd
 
-# XXX: the above `validate` doesn't work with `with_items`???
-- name: NSD - check zone files
-  vars:
-    domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
-  command: "nsd-checkzone {{ domain }} /usr/local/etc/nsd/zones/{{ domain }}.zone"
-  with_items: "{{ zonefiles }}"
-
 # NOTE: requires variable `zonefiles`
 - name: NSD - generate configuration
   template:
diff --git a/roles/dns/tasks/nsd-zone.yml b/roles/dns/tasks/nsd-zone.yml
new file mode 100644
index 0000000..960b230
--- /dev/null
+++ b/roles/dns/tasks/nsd-zone.yml
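Review bot: `notify: reload-nsd` on the new `include_tasks` line most likely never fires, because the include task itself does not report a change and, being a dynamic include, does not pass the keyword down to the tasks it pulls in — so a regenerated zone file would no longer reload nsd. Move the handler notification onto the template task inside nsd-zone.yml (`notify: reload-nsd` next to its `validate:` line). The free-form `zonefile={{ item }}` is also the legacy key=value syntax; the explicit form `vars:` / `zonefile: "{{ item }}"` is the documented way to pass variables to include_tasks and does not re-split the fileglob path on spaces or `=`.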
@@ -0,0 +1,31 @@
+---
+- name: var - set domain
+  set_fact:
+    domain: "{{ zonefile | basename | regex_replace('\\.zone\\.j2', '') }}"
+
+- name: var - set domain_keyfile
+  set_fact:
+    domain_keyfile: /usr/local/etc/mail/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem
+
+- name: dkim - check domain key existence
+  stat:
+    path: "{{ domain_keyfile }}"
+  register: stat_result
+
+- name: dkim - slurp domain key from the remote machine
+  slurp:
+    src: "{{ domain_keyfile }}"
+  # NOTE: get the contents with `{{ slurp_result['content'] | b64decode }}`
+  register: slurp_result
+  when: stat_result.stat.exists
+
+- name: var - set domain_key
+  set_fact:
+    domain_key: "{{ slurp_result['content'] | b64decode }}"
+  when: stat_result.stat.exists
+
+- name: NSD - generate zone files
+  template:
+    src: "{{ zonefile }}"
+    dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
+    validate: "nsd-checkzone {{ domain }} %s"
--
cgit v1.2.2
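Review bot: `domain_key` is only set when the key file exists and is never cleared, and set_fact values persist across the loop of includes in main.yml, so a zone without a DKIM key that is processed after one with a key inherits the previous domain's `domain_key` (and `slurp_result`) — if the zone template tests `domain_key is defined`, it would publish another domain's key. Set it on every pass instead, e.g. `domain_key: "{{ (slurp_result['content'] | b64decode) if stat_result.stat.exists else '' }}"` with no `when:`, and have the template check for a non-empty value. `register: stat_result` also reuses the name main.yml already registers for its nsd-control-setup check, so a distinct name such as `dkim_key_stat` would avoid clobbering it. Finally, confirm that the `.pem` under `/usr/local/etc/mail/dkim/` is the public key: if that path held the signing key, slurping it into a fact consumed by a public zone template would publish the private key, and in either case the template presumably has to strip the PEM armor before the value fits a DKIM TXT record.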