marcinpraczko.named
Quick Info
This role is a modified version of the following repository:
Reasons for creating this modified version:
- Named is still relevant, and we want a working role for it.
- The role has a good structure and is flexible for configuration.
- The original role didn’t work properly since 2015 and some issues were not fixed.
Ansible-role-named
Version: 0.1.4
- Requires Ansible 2.0 or higher.
- Works with most versions of RHEL/CentOS 6.x, 7.x, Debian, and Ubuntu.
Installation
Installing from ansible-galaxy (latest version)
$ ansible-galaxy install marcinpraczko.named
Installing from GitHub
Sometimes, changes are made in the develop or feature branches that have not been released yet. Ansible-galaxy allows you to install roles directly from GitHub.
mkdir testing-roles
cd testing-roles
ansible-galaxy install -p roles git+https://github.com/marcinpraczko/ansible-role-named.git,develop
The example above will install the develop branch. You can also specify any git commit, tag, or branch name as needed.
To check the installed versions, use this command:
ansible-galaxy list -p roles
Getting Started
Installing BIND (named)
Installing BIND (named) and required dependencies is easy and can be done either before configuring or on its own:
To Install Only
$ ansible-playbook -t install -i hosts named.yml
To Run the Entire Playbook
$ ansible-playbook -i hosts named.yml
Example Playbook, Hosts, and Group Variables
Example Playbook
- name: "Actions Needed to Get Masters into a Happy State"
  hosts: named_masters
  remote_user: root
  roles:
    - "marcinpraczko.named"
- name: "Actions Needed to Get Slaves into a Happy State"
  hosts: named_slaves
  remote_user: root
  roles:
    - "marcinpraczko.named"
Example Hosts
[named_masters]
127.0.0.1
#[named_slaves]
#127.0.0.1
Example Group Variables
named_masters:

named_acls:
  public_slaves:
    - 8.8.8.8
    - 9.9.9.9
  private_slaves:
    - 192.168.25.5
    - 192.168.25.6
named_zones:
  foo_com:
    type: master
    allow_transfer:
      - public_slaves
    ttl: 3000

named_slaves:

named_zones_create_masters: False
named_zones:
  foo_com:
    type: slave
    master:
      - 7.7.7.7
This role includes tasks for installing and configuring, which can be run separately or together. It creates a named.conf file and an included.conf file for ACLs and zone includes, as well as dynamic zone files based on default or group variables.
Configurable Options
There are several configurable options in this role. Below is a summary of the default settings (a full list can be found in defaults/main.yml):
## Installation Options
named_conf_file_location: /etc/named.conf
# Verify these match your operating system
named_user: named
named_group: named
named_service_name: named
# Monitoring settings
named_monit_enable: False
named_monit_service_name: monit
named_monit_conf_directory: /etc/monit.d
named_pid_file: /var/run/named/named.pid
named_service_file: /etc/init.d/named
## Base Configuration Options
# Options Section
named_conf_listen_on_port: 53
named_conf_listen_on_interface:
- 127.0.0.1
named_conf_listen_on_v6_port: 53
named_conf_listen_on_v6_interface:
- ::1
named_conf_notify: "no"
named_conf_forwarders:
- 7.7.7.7
- 7.7.8.8
named_conf_directory: /var/named
named_conf_dump_file: /var/named/data/cache_dump.db
named_conf_statistics_file: /var/named/data/named_stats.txt
named_conf_memstatistics_file: /var/named/data/named_mem_stats.txt
named_conf_allow_query:
- any
named_conf_recursion: no
named_conf_dnssec_enable: yes
named_conf_dnssec_validation: yes
named_conf_dnssec_lookaside: auto
named_conf_bindkeys_file: /etc/named.iscdlv.key
named_conf_managed_keys_directory: /var/named/dynamic
# Logging Section
named_conf_logging_channel: default_debug
named_conf_logging_file_directory: /var/log/named
named_conf_logging_file: named.log
named_conf_logging_severity: info
named_conf_logging_print_severity: yes
named_conf_logging_print_time: yes
named_conf_logging_print_category: yes
named_conf_logging_category_name: default
named_conf_logging_categories:
- default_debug
named_conf_includes_directory: /etc/named
### No default ACLs or includes
## Master Settings
# This option decides if zone files should be created in the specified
# master directory. Normally, you wouldn’t want to create these if
# configuring a slave host.
named_zones_create_masters: True
### Zone Configuration Defaults
named_conf_zone_ttl: 21600
named_conf_zone_soa: foo.com. noc.foo.com.
named_conf_zone_refresh: 21600
named_conf_zone_retry: 600
named_conf_zone_expire: 86400
named_conf_zone_expire_min: 3000
You can set default variables for dynamic zone file creation, which can simplify your group_var files by allowing overrides only for zones that need different settings.
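A pre-deployment check for the variables documented above, as an added example that is not part of this role: it flags master zones whose allow_transfer list is missing, open, or names an ACL absent from named_acls, and recursion combined with allow_query any. The function name, the sample data and the assumption that allow_transfer entries are ACL names, BIND built-in ACLs or literal addresses are illustrative; the role's templates are not consulted.

```python
import ipaddress

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}  # predefined by BIND

def _is_address(entry):
    """True if entry is a literal IP address or CIDR network."""
    try:
        ipaddress.ip_network(str(entry), strict=False)
        return True
    except ValueError:
        return False

def audit_named_vars(v):
    """Return findings for one host group's merged role variables.
    Assumption: allow_transfer holds ACL names, built-ins or addresses."""
    findings = []
    acls = v.get("named_acls") or {}
    for name, zone in (v.get("named_zones") or {}).items():
        ztype = zone.get("type")
        if ztype == "master":
            allowed = zone.get("allow_transfer") or []
            if not allowed:
                findings.append(f"{name}: master zone has no allow_transfer list")
            for acl in allowed:
                if acl == "any":
                    findings.append(f"{name}: zone transfers allowed from any host")
                elif acl not in acls and acl not in BUILTIN_ACLS and not _is_address(acl):
                    findings.append(f"{name}: allow_transfer references undefined ACL '{acl}'")
        elif ztype == "slave" and not zone.get("master"):
            findings.append(f"{name}: slave zone has no master address")
    # Unquoted yes/no load from YAML as booleans, quoted ones as strings.
    recursion = v.get("named_conf_recursion", False) in (True, "yes")
    if recursion and "any" in (v.get("named_conf_allow_query") or []):
        findings.append("recursion enabled with allow_query any (open resolver if reachable)")
    return findings

# Constructed sample: the README's master variables with three mistakes added.
SAMPLE = {
    "named_acls": {"public_slaves": ["8.8.8.8", "9.9.9.9"]},
    "named_zones": {
        "foo_com": {"type": "master", "allow_transfer": ["public_slave"]},  # typo
        "bar_com": {"type": "master"},                                      # no list
        "baz_com": {"type": "slave", "master": ["7.7.7.7"]},                # fine
    },
    "named_conf_allow_query": ["any"],
    "named_conf_recursion": True,
}

if __name__ == "__main__":
    print("\n".join(audit_named_vars(SAMPLE)))
```
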
Facts
The following facts can be accessed in your inventory or outside of this role:
{{ ansible_local.named.interfaces_ipv4 }}
{{ ansible_local.named.interfaces_ipv6 }}
{{ ansible_local.named.port_ipv4 }}
{{ ansible_local.named.port_ipv6 }}
Testing
- Initially, the role only had a travis file.
- Added molecule configuration for local testing of this role.
Molecule helps test Ansible roles locally using docker or vagrant. It also allows for validation using tools like serverspec or testinfra.
This makes testing this role much easier.
Install Required Packages
- Docker
- Vagrant
Install Molecule
- Create a Python virtual environment on your system.
- Install molecule in the virtual environment.
virtualenv venv
source venv/bin/activate
# Update common pip packages
pip install -U pip setuptools wheel
# Install molecule with required Python packages
pip install -r tests/requirements.txt
Testing with Molecule
Use the following command to test the role with the Vagrant driver.
Note: The first time this command is run, it may take a while because the entire Vagrant image must be downloaded.
molecule test --sudo
With this command, --sudo applies only to verification tools like testinfra or serverspec. The --sudo option does not affect how Ansible runs.