run nsd on bare metal
parent
9bb44e4978
commit
117d7d2cf4
11 changed files with 39 additions and 102 deletions
|
@ -1,86 +1,69 @@
|
|||
- name: Create nsd app directory
|
||||
file:
|
||||
path: /apps/nsd
|
||||
state: directory
|
||||
- name: Create nsd configuration directory
|
||||
file:
|
||||
path: /apps/nsd/conf
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Install nsd
|
||||
apt:
|
||||
pkg:
|
||||
- nsd
|
||||
- ldnsutils
|
||||
- name: Copy nsd.conf
|
||||
copy:
|
||||
src: "{{ role_path }}/files/nsd.conf"
|
||||
dest: /apps/nsd/conf/nsd.conf
|
||||
- name: Create nsd zones directory
|
||||
dest: /etc/nsd/nsd.conf
|
||||
- name: Create zones directory
|
||||
file:
|
||||
path: /apps/nsd/zones
|
||||
path: /etc/nsd/zones
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Copy zone files
|
||||
copy:
|
||||
src: "{{ role_path }}/files/zones/"
|
||||
dest: /apps/nsd/zones
|
||||
- name: Create nsd keys directory
|
||||
dest: /etc/nsd/zones
|
||||
- name: Create keys directory
|
||||
file:
|
||||
path: /apps/nsd/keys
|
||||
path: /etc/nsd/keys
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Copy KSK private keys
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/apps/nsd/keys/{{ item | basename }}"
|
||||
dest: "/etc/nsd/keys/{{ item | basename }}"
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/keys/*.ksk.private"
|
||||
- name: Copy KSK keys
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/apps/nsd/keys/{{ item | basename }}"
|
||||
dest: "/etc/nsd/keys/{{ item | basename }}"
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/keys/*.ksk.key"
|
||||
- name: Copy Docker Compose script
|
||||
copy:
|
||||
src: "{{ role_path }}/files/docker-compose.yml"
|
||||
dest: /apps/nsd/docker-compose.yml
|
||||
- name: Start Docker Compose
|
||||
docker_compose:
|
||||
project_src: /apps/nsd
|
||||
pull: true
|
||||
remove_orphans: true
|
||||
- name: Check if ZSKs exist
|
||||
stat:
|
||||
path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
|
||||
path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
|
||||
register: zsks_exists
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/zones/*"
|
||||
- name: Create ZSK
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"
|
||||
chdir: /apps/nsd
|
||||
cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
|
||||
chdir: /etc/nsd/keys
|
||||
register: create_zsk
|
||||
when: not item.stat.exists
|
||||
with_items: "{{ zsks_exists.results }}"
|
||||
- name: Rename ZSK key
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
|
||||
chdir: /apps/nsd
|
||||
cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
|
||||
chdir: /etc/nsd/keys
|
||||
when: item.changed
|
||||
with_items: "{{ create_zsk.results }}"
|
||||
- name: Rename ZSK private key
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
|
||||
chdir: /apps/nsd
|
||||
cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
|
||||
chdir: /etc/nsd/keys
|
||||
when: item.changed
|
||||
with_items: "{{ create_zsk.results }}"
|
||||
- name: Sign zones
|
||||
command:
|
||||
cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk'
|
||||
chdir: /apps/nsd
|
||||
cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
|
||||
chdir: /etc/nsd/zones
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/zones/*"
|
||||
- name: Restart Docker Compose
|
||||
docker_compose:
|
||||
project_src: /apps/nsd
|
||||
restarted: true
|
||||
- name: Restart NSD
|
||||
systemd:
|
||||
name: nsd
|
||||
enabled: true
|
||||
state: reloaded
|
||||
|
|
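Review bot: The "Copy KSK private keys" task now writes into `/etc/nsd/keys/` with no `owner`, `group` or `mode`, so the private key files take the connecting user's ownership and umask-default permissions, which are commonly world-readable. Set them explicitly on that task, e.g. `mode: "0600"` with a named `owner`/`group`, and consider `no_log: true`, because `template` prints file content when the play runs with `--diff`. The "Create zones directory" and "Create keys directory" tasks keep `owner: 991` / `group: 991`, which presumably matched the user inside the container image. With nsd now installed from apt, the service account's uid is assigned by the package, so use the account name rather than a fixed number and give the keys directory a restrictive mode such as `mode: "0750"`. The ZSK files written by `ldns-keygen` in "Create ZSK" are created by whichever user runs the play, so their ownership and mode need the same check.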