From 93c9c12da549094148108ae39280a009823afdc7 Mon Sep 17 00:00:00 2001 From: Serhii S Date: Mon, 30 Jan 2023 12:10:59 +0100 Subject: [PATCH 1/5] rec: add copy files for *-from-file configuration directives --- defaults/main.yml | 7 +++++++ tasks/configure.yml | 29 ++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index a6b12b3..9501899 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -80,6 +80,13 @@ pdns_rec_config_lua_file_content: "" pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" pdns_rec_config_dns_script_file_content: "" +# Mode for directories from include-dir +pdns_rec_config_include_dir_mode: 0750 + +# Directories and files required by recursor configuration +pdns_rec_config_from_files_dir_mode: 0750 +pdns_rec_config_from_files: [] + # Dict containing all configuration options, except for the # "config-dir", "setuid" and "setgid" directives in YAML format. pdns_rec_config: {} diff --git a/tasks/configure.yml b/tasks/configure.yml index b1f2a1d..a0b437c 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml 
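Review bot: The two new mode defaults in defaults/main.yml are unquoted (`pdns_rec_config_include_dir_mode: 0750`, `pdns_rec_config_from_files_dir_mode: 0750`), so YAML loads them as integers rather than mode strings. They are then consumed through `mode: "{{ ... }}"` in tasks/configure.yml, where the removed line passed the literal `mode: 0750` directly. A templated integer can reach the file/copy module as a decimal string instead of the intended octal mode, depending on the Ansible and Jinja native-type settings, and that would leave the recursor's configuration directories with permissions nobody chose. Quoting removes the ambiguity: `pdns_rec_config_include_dir_mode: "0750"` and `pdns_rec_config_from_files_dir_mode: "0750"`. The same unquoted values are carried unchanged through the defaults/main.yml hunk of patch 3/5 and the README examples in patch 2/5.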
@@ -48,8 +48,33 @@ state: directory owner: "{{ pdns_rec_file_owner }}" group: "{{ pdns_rec_file_group }}" - mode: 0750 + mode: "{{ pdns_rec_config_include_dir_mode }}" when: "pdns_rec_config['include-dir'] is defined" + register: _pdns_recursor_configuration_include_dir + +- block: + + - name: Ensure that the PowerDNS Recursor configuration from-files directory exists + ansible.builtin.file: + name: "{{ item.dest | dirname }}" + state: directory + owner: "{{ pdns_rec_file_owner }}" + group: "{{ pdns_rec_file_group }}" + mode: "{{ pdns_rec_config_from_files_dir_mode }}" + loop: "{{ pdns_rec_config_from_files }}" + + - name: Copy the PowerDNS Recursor configuration from-files files + ansible.builtin.copy: + content: "{{ item.content | default(omit) }}" + src: "{{ item.src | default(omit) }}" + dest: "{{ item.dest }}" + owner: "{{ pdns_rec_file_owner }}" + group: "{{ pdns_rec_file_group }}" + mode: "{{ pdns_rec_config_from_files_dir_mode }}" + loop: "{{ pdns_rec_config_from_files }}" + register: _pdns_recursor_configuration_from_files + + when: pdns_rec_config_from_files | length > 0 - name: Generate the PowerDNS Recursor Lua config-file copy: @@ -79,6 +104,8 @@ when: not pdns_rec_disable_handlers and pdns_rec_service_state != 'stopped' and (_pdns_recursor_override_unit.changed + or _pdns_recursor_configuration_include_dir.changed or _pdns_recursor_configuration.changed + or _pdns_recursor_configuration_from_files.changed or _pdns_recursor_lua_file_configuraton.changed or _pdns_recursor_dns_script_configuration.changed) From 5d3368e611e52bba0f15cbb8d529d1e66540727f Mon Sep 17 00:00:00 2001 From: Serhii S Date: Mon, 30 Jan 2023 13:45:20 +0100 Subject: [PATCH 2/5] update readme --- README.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e2c5456..e3bdcbb 100644 --- a/README.md +++ b/README.md 
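Review bot: The copy task in the new block sets `mode: "{{ pdns_rec_config_from_files_dir_mode }}"` on the files themselves, so with the 0750 default every copied data file is written with execute bits. An operator who loosens the directory mode also loosens the files. A separate file-mode variable would keep the two apart, for example `mode: "{{ pdns_rec_config_from_files_mode | default('0640') }}"` (the variable name is only a suggestion). The directory task also applies owner, group and mode to whatever `item.dest | dirname` resolves to, so a `dest` placed in an existing shared directory would have that directory re-owned to the recursor user. A comment such as `# dest must live in a directory dedicated to the recursor; its parent is chowned and chmodded` or an assert on the allowed parent path would make that expectation explicit.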
@@ -78,7 +78,7 @@ pdns_rec_install_epel: True ``` By default, install EPEL to satisfy some PowerDNS Recursor dependencies like `protobuf`. -To skip the installtion of EPEL set `pdns_rec_install_epel` to `False`. +To skip the installation of EPEL set `pdns_rec_install_epel` to `False`. ```yaml pdns_rec_package_name: "{{ default_pdns_rec_package_name }}" @@ -182,6 +182,23 @@ pdns_rec_service_overrides: Dict with overrides for the service (systemd only). This can be used to change any systemd settings in the `[Service]` category +```yaml +pdns_rec_config_from_files_dir_mode: 0750 +pdns_rec_config_from_files: [] +#pdns_rec_config_from_files: +# - dest: "/var/lib/pdns-recursor/from-files/forward-zones.txt" +# src: "files/forward-zones/forward.txt" +``` + +List of files to copy to the PowerDNS Recursor instance, could be used for the `*-from-file` settings in the `recursor.conf` configuration file. +The `pdns_rec_config_from_files_dir_mode` allow to change the mode of files if required. + +```yaml +pdns_rec_config_include_dir_mode: 0750 +``` + +The `pdns_rec_config_include_dir_mode` will change the mode of directories form `include-dir` settings, in case one of them required some writing permissions. + ## Example Playbooks Bind to `203.0.113.53` on port `5300` and allow only traffic from the `198.51.100.0/24` subnet: From 9b6da54966938a550326a20211fb1168e916111d Mon Sep 17 00:00:00 2001 From: Serhii S Date: Mon, 30 Jan 2023 13:45:43 +0100 Subject: [PATCH 3/5] amend some quotes and spaces --- defaults/main.yml | 4 ++-- tasks/configure.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 9501899..44bb970 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -80,10 +80,10 @@ pdns_rec_config_lua_file_content: "" pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" pdns_rec_config_dns_script_file_content: "" -# Mode for directories from include-dir +# Mode for directories from include-dir pdns_rec_config_include_dir_mode: 0750 -# Directories and files required by recursor configuration +# Directories and files required by recursor configuration pdns_rec_config_from_files_dir_mode: 0750 pdns_rec_config_from_files: [] diff --git a/tasks/configure.yml b/tasks/configure.yml index a0b437c..02acfb0 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -74,7 +74,7 @@ loop: "{{ pdns_rec_config_from_files }}" register: _pdns_recursor_configuration_from_files - when: pdns_rec_config_from_files | length > 0 + when: "pdns_rec_config_from_files | length > 0" - name: Generate the PowerDNS Recursor Lua config-file copy: From 17114da1fe86b1593981ac67c1ca3e07dcc61631 Mon Sep 17 00:00:00 2001 From: Serhii S Date: Thu, 9 Feb 2023 09:43:45 +0100 Subject: [PATCH 4/5] readme: fix typos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e3bdcbb..fb9c62f 100644 --- a/README.md +++ b/README.md @@ -191,7 +191,7 @@ pdns_rec_config_from_files: [] ``` List of files to copy to the PowerDNS Recursor instance, could be used for the `*-from-file` settings in the `recursor.conf` configuration file. -The `pdns_rec_config_from_files_dir_mode` allow to change the mode of files if required. +The variable `pdns_rec_config_from_files_dir_mode` allows to change the ownership mode of files, if required. ```yaml pdns_rec_config_include_dir_mode: 0750 From 9dae8de1cab99ccece6b2eb13174720c4457162e Mon Sep 17 00:00:00 2001 From: Serhii S Date: Thu, 2 Mar 2023 09:29:30 +0100 Subject: [PATCH 5/5] add 4 idents inside blocks --- tasks/configure.yml | 72 ++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 36 deletions(-) 
diff --git a/tasks/configure.yml b/tasks/configure.yml index 02acfb0..f55e800 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -2,26 +2,26 @@ - block: - - name: Ensure the PowerDNS Recursor drop-in unit overrides directory exists (systemd) - file: - name: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d" - state: directory - owner: root - group: root + - name: Ensure the PowerDNS Recursor drop-in unit overrides directory exists (systemd) + file: + name: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d" + state: directory + owner: root + group: root - - name: Override the PowerDNS Recursor unit (systemd) - template: - src: "override-service.systemd.conf.j2" - dest: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d/override.conf" - owner: root - group: root - when: pdns_rec_service_overrides | length > 0 - register: _pdns_recursor_override_unit + - name: Override the PowerDNS Recursor unit (systemd) + template: + src: "override-service.systemd.conf.j2" + dest: "/etc/systemd/system/{{ pdns_rec_service_name }}.service.d/override.conf" + owner: root + group: root + when: pdns_rec_service_overrides | length > 0 + register: _pdns_recursor_override_unit - - name: Reload systemd - command: systemctl daemon-reload - when: not pdns_rec_disable_handlers - and _pdns_recursor_override_unit.changed + - name: Reload systemd + command: systemctl daemon-reload + when: not pdns_rec_disable_handlers + and _pdns_recursor_override_unit.changed when: ansible_service_mgr == "systemd" 
@@ -54,25 +54,25 @@ - block: - - name: Ensure that the PowerDNS Recursor configuration from-files directory exists - ansible.builtin.file: - name: "{{ item.dest | dirname }}" - state: directory - owner: "{{ pdns_rec_file_owner }}" - group: "{{ pdns_rec_file_group }}" - mode: "{{ pdns_rec_config_from_files_dir_mode }}" - loop: "{{ pdns_rec_config_from_files }}" + - name: Ensure that the PowerDNS Recursor configuration from-files directory exists + ansible.builtin.file: + name: "{{ item.dest | dirname }}" + state: directory + owner: "{{ pdns_rec_file_owner }}" + group: "{{ pdns_rec_file_group }}" + mode: "{{ pdns_rec_config_from_files_dir_mode }}" + loop: "{{ pdns_rec_config_from_files }}" - - name: Copy the PowerDNS Recursor configuration from-files files - ansible.builtin.copy: - content: "{{ item.content | default(omit) }}" - src: "{{ item.src | default(omit) }}" - dest: "{{ item.dest }}" - owner: "{{ pdns_rec_file_owner }}" - group: "{{ pdns_rec_file_group }}" - mode: "{{ pdns_rec_config_from_files_dir_mode }}" - loop: "{{ pdns_rec_config_from_files }}" - register: _pdns_recursor_configuration_from_files + - name: Copy the PowerDNS Recursor configuration from-files files + ansible.builtin.copy: + content: "{{ item.content | default(omit) }}" + src: "{{ item.src | default(omit) }}" + dest: "{{ item.dest }}" + owner: "{{ pdns_rec_file_owner }}" + group: "{{ pdns_rec_file_group }}" + mode: "{{ pdns_rec_config_from_files_dir_mode }}" + loop: "{{ pdns_rec_config_from_files }}" + register: _pdns_recursor_configuration_from_files when: "pdns_rec_config_from_files | length > 0"