Merge pull request #94 from PowerDNS/ssp-rec-from-files

rec: add copy files for *-from-file configuration directives
PowerDNS · Mar 3, 2023 · 4914406 · 4914406
2 parents 54fe466 + 9dae8de
commit 4914406
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ pdns_rec_install_epel: True
 ```
 
 By default, install EPEL to satisfy some PowerDNS Recursor dependencies like `protobuf`.
-To skip the installtion of EPEL set `pdns_rec_install_epel` to `False`.
+To skip the installation of EPEL set `pdns_rec_install_epel` to `False`.
 
 ```yaml
 pdns_rec_package_name: "{{ default_pdns_rec_package_name }}"
@@ -182,6 +182,23 @@ pdns_rec_service_overrides:
 Dict with overrides for the service (systemd only).
 This can be used to change any systemd settings in the `[Service]` category
 
+```yaml
+pdns_rec_config_from_files_dir_mode: 0750
+pdns_rec_config_from_files: []
+#pdns_rec_config_from_files:
+#  - dest: "/var/lib/pdns-recursor/from-files/forward-zones.txt"
+#    src: "files/forward-zones/forward.txt"
+```
+
+List of files to copy to the PowerDNS Recursor instance, could be used for the `*-from-file` settings in the `recursor.conf` configuration file.
+The variable `pdns_rec_config_from_files_dir_mode` allows to change the ownership mode of files, if required.
+
+```yaml
+pdns_rec_config_include_dir_mode: 0750
+```
+
+The `pdns_rec_config_include_dir_mode` will change the mode of directories form `include-dir` settings, in case one of them required some writing permissions.
+
 ## Example Playbooks
 
 Bind to `203.0.113.53` on port `5300` and allow only traffic from the `198.51.100.0/24` subnet:

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -80,6 +80,13 @@ pdns_rec_config_lua_file_content: ""
 pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua"
 pdns_rec_config_dns_script_file_content: ""
 
+# Mode for directories from include-dir
+pdns_rec_config_include_dir_mode: 0750
+
+# Directories and files required by recursor configuration
+pdns_rec_config_from_files_dir_mode: 0750
+pdns_rec_config_from_files: []
+
 # Dict containing all configuration options, except for the
 # "config-dir", "setuid" and "setgid" directives in YAML format.
 pdns_rec_config: {}

diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -2,26 +2,26 @@
 
 - block:
 
-  - name: Ensure the PowerDNS Recursor drop-in unit overrides directory exists (systemd)
-    file:
-      name: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d"
-      state: directory
-      owner: root
-      group: root
+    - name: Ensure the PowerDNS Recursor drop-in unit overrides directory exists (systemd)
+      file:
+        name: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d"
+        state: directory
+        owner: root
+        group: root
 
-  - name: Override the PowerDNS Recursor unit (systemd)
-    template:
-      src: "override-service.systemd.conf.j2"
-      dest: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d/override.conf"
-      owner: root
-      group: root
-    when: pdns_rec_service_overrides | length > 0
-    register: _pdns_recursor_override_unit
+    - name: Override the PowerDNS Recursor unit (systemd)
+      template:
+        src: "override-service.systemd.conf.j2"
+        dest: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d/override.conf"
+        owner: root
+        group: root
+      when: pdns_rec_service_overrides | length > 0
+      register: _pdns_recursor_override_unit
 
-  - name: Reload systemd
-    command: systemctl daemon-reload
-    when: not pdns_rec_disable_handlers
-      and _pdns_recursor_override_unit.changed
+    - name: Reload systemd
+      command: systemctl daemon-reload
+      when: not pdns_rec_disable_handlers
+        and _pdns_recursor_override_unit.changed
 
   when: ansible_service_mgr == "systemd"
 
@@ -48,8 +48,33 @@
     state: directory
     owner: "{{ pdns_rec_file_owner }}"
     group: "{{ pdns_rec_file_group }}"
-    mode: 0750
+    mode: "{{ pdns_rec_config_include_dir_mode }}"
   when: "pdns_rec_config['include-dir'] is defined"
+  register: _pdns_recursor_configuration_include_dir
+
+- block:
+
+    - name: Ensure that the PowerDNS Recursor configuration from-files directory exists
+      ansible.builtin.file:
+        name: "{{ item.dest | dirname }}"
+        state: directory
+        owner: "{{ pdns_rec_file_owner }}"
+        group: "{{ pdns_rec_file_group }}"
+        mode: "{{ pdns_rec_config_from_files_dir_mode }}"
+      loop: "{{ pdns_rec_config_from_files }}"
+
+    - name: Copy the PowerDNS Recursor configuration from-files files
+      ansible.builtin.copy:
+        content: "{{ item.content | default(omit) }}"
+        src: "{{ item.src | default(omit) }}"
+        dest: "{{ item.dest }}"
+        owner: "{{ pdns_rec_file_owner }}"
+        group: "{{ pdns_rec_file_group }}"
+        mode: "{{ pdns_rec_config_from_files_dir_mode }}"
+      loop: "{{ pdns_rec_config_from_files }}"
+      register: _pdns_recursor_configuration_from_files
+
+  when: "pdns_rec_config_from_files | length > 0"
 
 - name: Generate the PowerDNS Recursor Lua config-file
   copy:
@@ -79,6 +104,8 @@
   when: not pdns_rec_disable_handlers
     and pdns_rec_service_state != 'stopped'
     and (_pdns_recursor_override_unit.changed
+      or _pdns_recursor_configuration_include_dir.changed
       or _pdns_recursor_configuration.changed
+      or _pdns_recursor_configuration_from_files.changed
       or _pdns_recursor_lua_file_configuraton.changed
       or _pdns_recursor_dns_script_configuration.changed)